One morning I wrote down ten very simple things that help you not get phished.
Although any infosec / cybersec pro will probably roll their eyes, this kind of advice still got some positive feedback.
So why not share it, then?
Ten ways to not fall for phishing:
1. Use a spam filter
2. Scan incoming mail and its attachments for viruses and malware
3. Only open attachments from people you know and trust, and only if you were expecting one: a sender address is trivially spoofed, and a trusted contact's account can be compromised
4. Do not open attachments with multiple file extensions (e.g. filename.pdf.exe). Windows hides known extensions by default, so such a file shows up as "filename.pdf"; turn on "show file name extensions" in Explorer
5. Is the mail really addressed to you? Does the sender call you by your name, or is it a generic "Dear customer"?
6. Does the subject line start with "Re:" although you never wrote to the sender? That is a trick to make the mail look like an expected reply
7. Configure your mail client not to load remote images or run active content automatically. Loading a remote image tells the sender that your address is live and that you opened the mail
8. Hover over a link and compare the real target (shown in the status bar) with the link text before you click it. The text can say one thing while the link points somewhere else
9. Legitimate business partners like banks will never ask for your PIN, TAN or password in an email. If in doubt, type the bank's address into the browser yourself instead of following the link
10. If you do not use WhatsApp, then there is no new message from SexySaba25 waiting for you either. Don't click the link.
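Several of these checks can be done mechanically on the raw message. The script below is an added example (not part of the original post) that applies tips 4 to 9 to an RFC 5322 message: double file extensions on attachments, a "Re:" subject without the In-Reply-To or References headers a genuine reply carries, link text that looks like a URL but points at a different host, remote images, a missing personal salutation, and a request for a PIN or password. The sample mail, the addresses and the name "Alice" are constructed for the demo; the finding tags are my own naming, not any tool's output.

```python
"""Added example: programmatic versions of tips 4 to 9 on a raw e-mail.

The message below is constructed for the demo; it is not a real phishing mail.
"""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE_EML = """\
From: "Your Bank" <security@bank-example.com>
To: undisclosed-recipients:;
Subject: Re: Urgent: confirm your PIN
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear customer,</p>
<p>Please visit <a href="http://login.bank-example.com.evil.example/verify">https://www.bank-example.com/login</a>
and enter your PIN.</p>
<img src="http://tracker.example/pixel.gif"></body></html>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

# Extensions that run code when opened; "invoice.pdf.exe" ends in one of these.
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "ps1", "hta"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) per <a> and the src of every remote <img>."""

    def __init__(self):
        super().__init__()
        self.links = []           # [href, visible text] pairs
        self.remote_images = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._current = [attrs["href"], ""]
            self.links.append(self._current)
        elif tag == "img" and (attrs.get("src") or "").lower().startswith(("http://", "https://")):
            self.remote_images.append(attrs["src"])

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._current = None


def has_double_extension(filename: str) -> bool:
    """Tip 4: 'name.pdf.exe' has a decoy extension in front of an executable one."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[-1] in EXECUTABLE_EXTENSIONS


def link_mismatch(href: str, text: str) -> bool:
    """Tip 8: the link text looks like a URL but the href points at another host."""
    text = text.strip()
    if not re.match(r"https?://", text, re.I):
        return False
    return (urlparse(href).hostname or "") != (urlparse(text).hostname or "")


def check_message(raw: str, my_address: str, my_name: str) -> list:
    """Return a list of finding tags for the raw message; an empty list means nothing odd."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # Tip 5: am I actually a recipient, and does the body use my name?
    recipients = set()
    for header in ("To", "Cc"):
        if msg[header] is not None:
            recipients.update(a.addr_spec.lower() for a in msg[header].addresses)
    if my_address.lower() not in recipients:
        findings.append("not-addressed-to-me")

    collector = LinkCollector()
    text_body = ""
    for part in msg.walk():
        if part.is_attachment():
            name = part.get_filename() or ""
            if has_double_extension(name):
                findings.append("double-extension:" + name)
        elif part.get_content_type() == "text/html":
            html = part.get_content()
            collector.feed(html)
            text_body += re.sub(r"<[^>]+>", " ", html)   # crude tag strip for keyword checks
        elif part.get_content_type() == "text/plain":
            text_body += part.get_content()

    if my_name.lower() not in text_body.lower():
        findings.append("no-personal-salutation")

    # Tip 6: a genuine reply carries In-Reply-To or References; a faked "Re:" does not.
    subject = str(msg["Subject"] or "")
    if re.match(r"\s*(re|aw|fwd?)\s*:", subject, re.I) and not (msg["In-Reply-To"] or msg["References"]):
        findings.append("fake-reply-subject")

    for href, text in collector.links:
        if link_mismatch(href, text):
            findings.append("link-mismatch:" + (urlparse(href).hostname or ""))
    if collector.remote_images:                           # Tip 7
        findings.append("remote-images")
    if re.search(r"\b(PIN|TAN|password)\b", text_body):  # Tip 9
        findings.append("credential-request")
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE_EML, "alice@example.org", "Alice"):
        print(finding)
```

Each heuristic on its own is weak (plenty of legitimate newsletters use a generic salutation and remote images), which is why the function returns all findings rather than a verdict; a mail that trips several of them at once is the one to call the sender about.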
As I said, just a few basic but helpful tools in your inventory.
I'll finish with a personal story:
A few years ago, I got a nicely crafted email from someone I knew, claiming they had been robbed while on holiday in an Eastern European country. Everything had been taken: mobile phone, money, car keys, the works.
The mail itself was quite convincing and asked for 100 Euros to be wired to a certain account, "to get things started in order to return home". Now. Who wouldn't help a friend in need? Instead of wiring money I took the liberty to call said friend, and they answered their phone (which clearly was not stolen) and knew nothing about the scam. So they got on the phone and alerted all their friends and asked them not to wire any money to the fraudulent account.
The thing is, do not believe every mail you get. If a mail asks for money or credentials, verify it out of band, over a channel you already have (a phone number you already know), never via the contact details given in the mail itself. Sometimes being willing to help and other nice traits of humanity get exploited, so - as always - think before you act, which is one of the best protections against any scam.