Phishing Prevention Checklist

Phishing has become one of the most common online threats, affecting both individuals and organisations.

Cybercriminals use emails, text messages, and fake websites to trick people into revealing personal or financial information, and these scams can be convincing, often imitating trusted brands or colleagues. Knowing how to spot and respond to phishing attempts is an important step in keeping your information safe. This phishing prevention checklist highlights the key things to look out for and simple actions you can take to protect yourself online.

This checklist is designed for internal use. It’s a simple reference guide to help everyone in your company spot and avoid phishing attempts. Please review and keep it handy.

1. Think before you click

Be cautious with any link or file before opening.

  • Pause first: do not click links until you know where they lead.
  • Hover to reveal: hold your mouse over a link to check the true address.
  • Unexpected files: if you were not expecting an attachment, confirm with the sender.

2. Check the sender carefully

Always confirm who really sent the message.

  • Look past the display name: expand the email details to see the real sender address.
  • Watch for subtle changes: swapped letters or extra symbols can make a fake look real.

3. Spot urgent or unusual requests

Urgency and surprise are common attack tactics.

  • Beware time pressure: criminals often insist you act immediately.
  • New payment details: any request to change bank or invoice information must be verified separately.
  • Surprise gift cards or prizes: usually a sign of fraud.

4. Trust but verify calls and messages

Phone calls, texts and chat messages can also be manipulated.

  • Voice can be faked: attackers can mimic leaders or colleagues.
  • Never share codes: multi-factor authentication codes and passwords should not be given to anyone.
  • Hang up and call back: use a trusted number if the call seems odd.

5. Look for content clues

Small details in the message often reveal scams.

  • Strange greetings: “Dear Customer” or “Hello User” in place of your name.
  • Odd formatting or colours: inconsistent logos, mismatched fonts, or blurry images.

6. Keep login details safe

Passwords and access codes protect everything, so treat them carefully.

  • Passwords are private: no one in IT and no vendor should ask for them.
  • Unique passwords: avoid reusing the same one across accounts.
  • Report quickly: if you suspect compromise, contact security immediately.

7. Report suspicious activity fast

Reporting early keeps small incidents from becoming breaches.

  • Use the “Report Phish” button: the easiest way to alert the security team.
  • Forward to a security mailbox: e.g. phish@[yourcompany].com.
  • Escalate calls or texts: contact IT if a request by phone or message seems odd.

8. When in doubt, stop

It is better to check than to risk a mistake.

  • Take time to think: a pause can stop a breach.
  • Ask a colleague or manager: a quick second opinion is worth it.

9. Keep your devices updated

Updates close known holes attackers exploit.

  • Install updates: patch known vulnerabilities promptly.
  • Restart regularly: many updates finish only after a reboot.

10. Stay alert beyond email

Threats can arrive through any digital channel.

  • Think before you share: oversharing on social media helps attackers profile you.
  • Watch texts and chat platforms: scams appear in Teams, WhatsApp, Telegram, LinkedIn and other platforms too.
  • Be careful with QR codes: only scan from trusted sources.

Quick contacts

Update with your organisation’s details below before sharing this phishing prevention template internally.

Report suspicious email: phish@[yourcompany].com

Urgent helpdesk: +44 (0)xxx xxx xxxx

Security team chat channel: [insert link if applicable]

Cybercriminals are constantly finding new ways to deceive, but with awareness and care, you can stay one step ahead. By following this phishing prevention checklist, taking time to think before clicking links, and reporting anything that seems suspicious, you can help protect yourself and others from phishing scams. Staying alert and informed is one of the simplest and most effective ways to stay secure online. For more information on protection and robust cybersecurity, speak with our expert team.
