OwlTree Web Solutions company logo

How to Protect Yourself from Online Phishing Attacks

14 February 2022

Phishing attacks are on the increase, so it is important to be vigilant to protect yourself from potential online attacks. Phishing attacks are usually done by email but sometimes can happen via text message. They are the practice of sending fraudulent communications that appear to come from a reputable source. The attacker’s goal is to steal sensitive data like login information and credit card details, or to install malware on your device.


There are many different types of phishing, below we have touched on a some of the most common to look out for.

Deceptive phishing is one of the most common types of attacks. The attacker attempts to obtain your confidential information which they use to steal money. For example, this could be a fake email from your bank requesting that you verify your account details which the attacker can then steal. It could also be a fake invoice that they want your business to pay or that you’re eligible for a tax refund. Scammers launch thousands of phishing attacks like these every day and they’re often successful.

Spear phishing targets specific individuals instead of a group of people. Attackers often do research into their victims so they can appear more authentic when communicating. This kind of attack is often the first step used to penetrate a business’ defences.

Office 365 phishing attempts to gain access to your Office 365 email by sending you a fake email from Microsoft with a clickable URL link. The email would prompt you to log into your account to reset your password, giving a reason such as there had been a security breach on your account.

Whaling is when the attackers go after a key or high-profile individual, like the owner of a company. Attackers spend a lot of time profiling the target to try and steal login information. They do this as executives have access to a larger amount of company information.

How can I protect myself from attacks?

One of the best ways to protect your business is to educate your employees on how to recognise a phishing email and what to do when they do receive one. Simulation exercises are also useful in assessing how your employees react to a staged phishing attack. You may also want to consider:


  • Protecting your computer using security software so it can pick up on any new security threats
  • Protecting your mobile phone by setting software to update automatically
  • Using multi-factor authentication on your accounts. Adding additional credentials such as a passcode or security key via an authentication app will make it harder for scammers to log in to your accounts if they do get your username and password. You could also set your device to scan your fingerprint or set up facial recognition
  • Backing up your computer and mobile phone data and ensuring the backups are not connected to your home network. You could copy files to an external cloud storage or hard drive 
  • Browsing securely using a secure website (indicated by https:// and a security “lock” icon in the browser’s address bar), especially when submitting sensitive information such as credit card details.


If you suspect you have encountered a phishing attack, it is best to ask yourself if you have an account with this company or know the individual who has sent the message. If you do, then you should firstly contact them via an email address or phone number you know is real to confirm with them directly. Opening attachments that you suspect are not legitimate could leave you open to a harmful malware attack. It is always best to be safe.


If you would like information on keeping your own website secure, then please get in touch with us via our contact page.

Like What You See

Get in touch today to find out how OwlTree can help

01204 326280