How ‘The Power of the Pause’ Can Help Your Practice Avoid Phishing Attacks

 

Why the 'Power of Pause' is important for your dental clinic

How often do you pause to analyze the emails your practice receives before clicking and acting?

According to the American Dental Association (ADA) and cybersecurity experts, phishing is the number one way cybercriminals breach dental office data and computer systems—and with the power of Artificial Intelligence, they’re becoming better at doing so.

Keep reading to expand your phishing knowledge and learn 5 simple questions worth taking the time to pause and ask.


What are phishing emails?

Phishing emails are fraudulent emails that look like they were sent from legitimate sources—like dental suppliers, banks, or other popular companies and services. Taking advantage of consumer trust, phishing emails aim to trick dental office staff into revealing sensitive information, such as login credentials, financial information, or patient data. They can also contain malware or ransomware that can compromise the dental office's computer system.

Analyzing an email before replying or clicking is crucial to protect yourself from various online threats, including phishing, malware, spam, identity theft, financial fraud, and more.


Power of the pause: Top 5 questions to ask before clicking

To help avoid falling victim to phishing emails, it's essential for dental offices to be vigilant and implement robust cybersecurity measures to protect patient data and prevent cyberattacks. Before clicking a link or opening an attachment, use the ‘power of the pause’ to ask yourself these 5 questions. If you answer ‘YES’ to any, be cautious and verify the email’s authenticity before acting!

An unexpected email could be phishing or could contain ‘malware’ (which is short for ‘malicious software’, such as viruses, ransomware, spyware, or adware). Malware can damage your systems or devices, steal your personal information, or compromise your online security. Some malware can also spread to other systems or devices on the same network or through email attachments. You should always have updated antivirus software on your systems and devices and avoid opening suspicious files or links from unknown sources. If the email is unexpected, it’s always safer to avoid interacting with it. If the email feels relevant, call the legitimate source to verify its authenticity.

An email address is one way to identify an email’s sender. If an email address is unfamiliar, it’s possible the sender is trying to hide their identity or isn’t who they claim to be. For example, a scammer may use a fake email address that looks legitimate—but with a slight spelling change or different domain name. Alternatively, a hacker may spoof an email address to make it appear as if it comes from a trusted source—such as your bank, employer, or friends. In both cases, the sender's goal is to trick you into believing the email is authentic and trustworthy, so you'll follow their instructions or requests. Instead of replying or clicking, use another method to contact your trusted source—such as phone, official website, or known email—to verify.
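For whoever looks after the practice's mail, the "slight spelling change or different domain name" check can be automated. The sketch below is an added example, not part of the original article; the `KNOWN_DOMAINS` list and every address in it are constructed placeholders.

```python
from email.utils import parseaddr

# Hypothetical allow-list of domains the practice really deals with (placeholders).
KNOWN_DOMAINS = {"dentalsupply.example", "mybank.example"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Classify a From: header as 'known', 'lookalike of <domain>' or 'unfamiliar'."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in KNOWN_DOMAINS:
        return "known"
    for known in sorted(KNOWN_DOMAINS):
        # Same name under a different ending, e.g. mybank.test vs mybank.example.
        same_name_other_tld = domain.split(".")[0] == known.split(".")[0]
        # One or two characters away from a trusted domain: likely a misspelling trick.
        if same_name_other_tld or edit_distance(domain, known) <= 2:
            return f"lookalike of {known}"
    return "unfamiliar"
```

A spoofed message that uses the exact trusted domain in its From: line still comes back as "known" here; that case is caught by the mail server's SPF, DKIM and DMARC results, not by comparing spellings.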

An email with a sense of urgency may pressure you into acting quickly—without pausing to think or verify the source. For example, an email may claim that your account has been hacked, your subscription is about to expire, or you’ve won a prize that requires immediate confirmation. These common tactics used by scammers are designed to make you panic—so you’ll click on malicious links and attachments or provide personal or financial information. You should always be cautious of emails that demand urgent action and check the sender's identity and the validity of the message before responding.

Always pause if an email asks you to act, as it may be a phishing attempt or a scam that’s trying to exploit your trust or emotions to pay money, donate to a fake charity, take part in a bogus survey, or claim a nonexistent reward. Both phishing and scams can harm you financially, damage your reputation, or compromise your online security. You should always verify the identity and legitimacy of the sender before taking any action, and never click on links or attachments that you aren't sure about. If ever in doubt, contact the organization or person directly using a different channel, such as phone or official website.

Hovering is a technique that can help you analyze an email by revealing the true destination of a link or an attachment. A link or an attachment is a clickable element in an email that can take you to another website, download a file, or open a document. However, some links or attachments may be disguised or spoofed to look legitimate but lead you to malicious sites or files. For example, a link may appear to be from your bank but directs you to a fake site that asks for your login credentials. Or an attachment may seem to be an invoice but contains a virus that can infect your systems or devices.

Hovering is a way to check the actual location of a link or an attachment without clicking on it. To hover, you simply move your mouse cursor over the link or the attachment and wait for a few seconds. A small box will pop up and show you the URL or the file name of the link or the attachment. You can then compare this information with the text or the icon of the link or the attachment and see if they match. If they do not match, or if the URL or the file name looks suspicious, you should avoid clicking on the link or the attachment and delete the email or report it as a phishing attempt.

Deciphering a URL can be challenging, but don't worry - the internet is here to help! Utilize online resources like VirusTotal to assist you in determining whether a website is safe to visit. These tools can help you make informed decisions and avoid potential online threats.
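The hover comparison can also be run over a whole message at once. This added example (not from the original article) reads an HTML email body and reports each link whose visible text names a different domain than the one it really points to; the sample message and all domains in it are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Constructed sample email body (not a real message); all domains are placeholders.
SAMPLE_HTML = """
<p>Your statement: <a href="https://login.example-billing.test/session">www.mybank.example</a></p>
<p>Order status: <a href="https://supplier.example/orders/1842">https://supplier.example/orders</a></p>
<p><a href="http://203.0.113.7/invoice.html">View invoice</a></p>
"""

DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower().removeprefix("www.")

def review_links(html):
    """Return (text, href, finding) per link; finding is None if nothing stands out."""
    parser = LinkCollector()
    parser.feed(html)
    results = []
    for text, href in parser.links:
        host, finding = host_of(href), None
        shown = DOMAIN_IN_TEXT.search(text)
        name = shown.group(1).lower().removeprefix("www.") if shown else ""
        # A subdomain of the displayed domain is accepted as a match.
        if name and not (host == name or host.endswith("." + name)):
            finding = "text shows a different domain than the link target"
        elif re.fullmatch(r"[0-9.]+", host):
            finding = "link target is a bare IP address"
        results.append((text, href, finding))
    return results
```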

Additional cybersecurity resources