Phishing attacks are one of the most common cybersecurity threats in 2025, tricking users into sharing sensitive information like passwords or financial details through fake emails, texts, or websites. For Account Academy learners managing bookkeeping, accounting, or WordPress sites, protecting against phishing is critical to safeguarding client data and business operations. This guide provides a practical, step-by-step process to secure your computer against phishing attacks, using free or accessible tools and techniques anyone can implement.

Why This Matters

Phishing attacks exploit human error, not just technical vulnerabilities. In 2025, AI-generated phishing emails are more convincing, making it essential to secure your computer and develop habits to spot and avoid these scams. This guide will help you protect your personal and professional data, ensuring your bookkeeping records and WordPress sites remain safe.

What You’ll Need

A computer (Windows, macOS, or Linux)

An internet connection

A web browser (e.g., Chrome, Firefox, Edge)

Basic familiarity with email and browsing

Optional: A free email filtering tool (e.g., Gmail’s built-in filters or SpamAssassin for advanced users)

Step-by-Step Guide

Update Your Operating System and Software

Why: Outdated software can have vulnerabilities that phishing attackers exploit to install malware.

Steps:

Windows: Go to Settings > Windows Update > Check for updates. Install all available updates, including security patches.

macOS: Click the Apple menu > System Settings > General > Software Update. Follow prompts to update.

Linux: Open a terminal and run sudo apt update && sudo apt upgrade (Ubuntu/Debian) or sudo dnf update (Fedora).

Browsers and Apps: Ensure your browser (e.g., Chrome) and email client (e.g., Outlook) are updated. In Chrome, go to Settings > About Chrome to check for updates.

Tip: Enable automatic updates to stay protected without manual checks.

Enable Two-Factor Authentication (2FA) on Your Email Account

Why: Phishing often targets email accounts to steal credentials. 2FA adds an extra layer of security by requiring a second verification step (e.g., a code sent to your phone).

Steps:

Gmail: Go to myaccount.google.com > Security > 2-Step Verification. Follow prompts to enable 2FA using your phone number or an authenticator app like Google Authenticator.

Outlook: Navigate to account.microsoft.com > Security > Two-step verification. Set it up with a phone number or Microsoft Authenticator.

Other Providers: Search for “enable 2FA [your email provider]” to find specific instructions.

Tip: Use an authenticator app instead of SMS for stronger security, as SMS can be intercepted.

Install and Configure an Anti-Phishing Browser Extension

Why: Browser extensions can block phishing websites and warn you about suspicious links before you click them.

Steps:

Install uBlock Origin (free, available for Chrome, Firefox, Edge):

Go to the Chrome Web Store or Firefox Add-ons page.

Search for “uBlock Origin” and click Add to [Browser].

Once installed, click the uBlock Origin icon in your browser toolbar and select Open Dashboard. Enable additional filter lists like “Phishing Protection” or “EasyList” for better coverage.

Alternatively, try Netcraft Extension (also free), which specifically flags phishing sites.

Tip: Test the extension by visiting a safe test phishing site like phishing.org to see how it flags suspicious pages.

Set Up Email Filters to Catch Phishing Attempts

Why: Email filters can automatically move suspicious emails to spam or a quarantine folder, reducing the chance of clicking malicious links.

Steps (Using Gmail as an Example):

Open Gmail and click the Settings gear > See all settings > Filters and Blocked Addresses.

Click Create a new filter.

In the “From” field, enter common phishing keywords like “urgent,” “account suspended,” or “verify your account.”

Click Create filter and select Mark as read or Delete it to prevent interaction with these emails.

For advanced users: Install SpamAssassin on your email server (if you manage one) to score and filter emails based on phishing patterns.

Tip: Regularly check your spam folder to ensure legitimate emails aren’t misfiltered.

Learn to Spot Phishing Emails (Practical Exercise)

Why: Technical tools are only half the battle; recognizing phishing attempts is key.

Steps:

Open your email and find a recent spam or promotional email (don’t click links!).

Check for red flags:

Sender Address: Hover over the sender’s name to see the actual email address. Legitimate companies use official domains (e.g., “@paypal.com” not “@paypa1.com”).

Urgent Language: Look for phrases like “Act now!” or “Your account will be suspended.”

Suspicious Links: Hover over (don’t click) links to see the URL. Phishing links often lead to fake domains (e.g., “paypa1-login.com”).

Practice with a free phishing quiz like Google’s Phishing Quiz (search “Google Phishing Quiz” online) to test your skills.

Tip: If unsure about an email, contact the company directly using their official website or phone number, not the email’s contact info.
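
The three red flags above (sender address, urgent language, suspicious links), checked in code. This is an added example, not part of the original guide; the trusted-domain list, the digit-for-letter table and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example: the domains you really deal with, and the guide's phrases.
TRUSTED_DOMAINS = {"paypal.com", "accountacademy.co.uk"}
URGENT_PHRASES = ("act now", "urgent", "account suspended",
                  "your account will be suspended", "verify your account")
# Digits commonly swapped in for look-alike letters (paypa1 -> paypal).
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED_DOMAINS or domain.endswith(tuple("." + t for t in TRUSTED_DOMAINS)):
        return None
    normalized = domain.translate(CONFUSABLES)
    for trusted in TRUSTED_DOMAINS:
        if trusted.split(".")[0] in normalized:  # brand name inside a foreign host
            return trusted
    return None

def red_flags(raw_message):
    """List the guide's three red flags found in a raw email (headers plus body)."""
    msg = message_from_string(raw_message)
    flags = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if hit := lookalike_of(sender_domain):
        flags.append(f"sender domain {sender_domain} imitates {hit}")
    # Text parts only, taken as-is: base64 or quoted-printable bodies are not decoded here.
    body = "".join(p.get_payload() for p in msg.walk() if p.get_content_maintype() == "text")
    text = (msg.get("Subject", "") + " " + body).lower()
    flags += [f"urgent language: {p!r}" for p in URGENT_PHRASES if p in text]
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if hit := lookalike_of(host):
            flags.append(f"link host {host} imitates {hit}")
    return flags

# Constructed sample message, not a real email.
SAMPLE = """From: PayPal Support <service@paypa1.com>
Subject: Urgent: verify your account

Act now! Your account will be suspended.
Sign in at http://paypa1-login.com/secure to keep access.
"""
if __name__ == "__main__":
    print("\n".join(red_flags(SAMPLE)))
```

A clean result only means none of these three checks fired; the table covers digit substitutions, not every look-alike trick.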

Back Up Your Data Regularly

Why: If a phishing attack leads to ransomware or data loss, backups ensure you can recover without paying attackers.

Steps:

Use a free cloud service like Google Drive (15GB free) or Microsoft OneDrive (5GB free):

Sign up at drive.google.com or onedrive.com.

Upload critical files (e.g., bookkeeping records, WordPress backups) to the cloud.

Alternatively, use an external hard drive:

Connect a USB drive to your computer.

On Windows, use File History (search in Settings) to back up files.

On macOS, use Time Machine (System Settings > General > Time Machine).

Schedule weekly backups to stay consistent.

Tip: Test your backup by restoring a file to ensure it works.

Test Your Setup

Why: Verify that your protections work before a real attack occurs.

Steps:

Send yourself a test email with a benign link (e.g., to accountacademy.co.uk) and check if your email filter flags it.

Visit a safe test phishing site (e.g., phishing.org) to confirm your browser extension blocks it.

Attempt to log in to your email with 2FA to ensure it prompts for a second factor.

Tip: Document your setup process in a notebook or digital file for reference.

Additional Tips

Stay Educated: Visit accountacademy.co.uk for more cybersecurity courses to deepen your knowledge.

Use Strong Passwords: Use a password manager like Bitwarden (free) to generate and store unique passwords for each account.

Report Phishing: Forward suspicious emails to report@phishing.gov.uk (UK-specific) or your email provider’s abuse team.

Regular Checks: Monthly, review your email filters and browser extensions to ensure they’re up to date.
