Technology
Don’t click that link! How to spot, prevent phishing attacks in your inbox
‘CyberGuy’: Don’t take the bait
Kurt Knutsson provides advice on how to identify safe email links and tips for safeguarding your email account against phishing attacks.
Imagine this nightmare scenario. You receive an email from your health insurance provider, let’s say it’s Blue Shield, asking you to update your personal information by clicking on a link. You think it’s a routine request, so you click on the link and enter your name, date of birth, and social security number. The next thing you know, your identity is stolen, and your credit score is ruined.
This is a common occurrence of a phishing attack, a type of online scam that targets your email account. Phishing attacks are designed to trick you into clicking on malicious links, opening infected attachments, or providing personal information to hackers who want to steal your money, identity, or data. It’s definitely a concern of Don, from Michigan, who wrote to us asking,
“You mention not to tap/select links in emails, how do I know if email links are OK to select? (like Blue Cross Blue Shield??)” — Don, Michigan
Well, Dan, that is a great question that we will answer and share some tips on how to protect yourself from these attacks.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS, AND EASY HOW-TO’S TO MAKE YOU SMARTER
A person typing on a laptop (Kurt “CyberGuy” Knutsson)
How do I know if an email link is safe to select?
Here are three simple and effective ways to check if an email link is safe to select. These tips will help you avoid clicking on links that could lead you to phishing websites or malware downloads.
1) Inspect the link
One of the best ways to check if a link is safe to select is to inspect the link before clicking on it. To do this, you can carefully hover your mouse over the link and look at the web address that appears. If the web address looks suspicious, misspelled, or unfamiliar, don’t click on it.
When in doubt, go directly to the company’s website by manually typing in the web address, or searching for the site in a search engine. Most often, the first or second result that comes up is legitimate. If you see the word “Sponsored “above the search result, take a beat before clicking it and consider clicking on the result below it.
Example of inspecting a link in an email (Kurt “CyberGuy” Knutsson)
2) Verify the sender of the email
Another way to check if an email link is safe to select is to verify the sender of the email. Make sure that the email is from a legitimate source and not a spoofed or fake one. Scammers often use slight variations or impersonate legitimate sources. You can do this by looking at the sender’s email address and name. If the email address or name doesn’t match the sender’s identity, don’t trust the email.
If you’re still unsure about the authenticity of an email or a link, you can contact the sender directly and ask them to confirm. Don’t use the contact information provided in the email, but look for it on their official website or other trusted sources. Whatever you do, do not click on any links or provide personal information.
Example of how to check who an email is from (Kurt “CyberGuy” Knutsson)
MORE: HOW TO PROTECT YOUR IPHONE FROM CYBERATTACKS WITH LOCKDOWN MODE
3) Before you click on any links or email attachments, ask yourself 3 questions
Pause before clicking. Before you click on any link or open any attachment, take a moment to evaluate it and ask yourself these 3 questions:
- Do I know the sender?
- Do I trust them?
- Did I expect them to send me a link or an attachment?
If the answer is no to any of these questions, then you should absolutely not click on any link or open the attachment. These links or attachments may look harmless, but they can actually contain harmful malware that can damage your device or steal your data. It’s better to be safe than sorry when it comes to email attachments.
Person typing on a smartphone (Kurt “CyberGuy” Knutsson)
MORE: ANOTHER HOME THERMOSTAT FOUND VULNERABLE TO ATTACK
How to secure your email account from phishing attacks
Here are 6 tips to protect your email account from phishing attacks.
#1 CyberGuy tip: Use antivirus software: This is perhaps one of the best investments you can make for yourself to protect yourself from phishing scams. Having antivirus software actively running on your devices will make sure you are stopped from clicking on any malicious links or from downloading any files that will release malware into your device and potentially have your private information stolen. Read my review of my best antivirus picks here.
2) Enable two-factor authentication (2FA): Whenever possible, enable 2FA for your online accounts. This adds an extra layer of security by requiring a second form of verification, such as a unique code sent to your phone, in addition to your password.
3) Keep software up to date: Regularly update your operating system, web browsers, and antivirus software to ensure they are equipped to detect and prevent the latest threats. You can regularly check for these updates on your device’s settings app for software updates, and you can go to your App Store or Google Play Store (depending on the device you have) to check for updates on individual apps. Follow these steps here.
4) Be cautious with personal information: Be wary of sharing sensitive information online, especially if it’s unsolicited or seems suspicious. Legitimate organizations rarely ask for personal details via email.
5) Report suspicious emails: If you receive a suspicious email claiming to be from a specific organization, report it to that organization’s official support or security team so they can take appropriate action.
6) Educate yourself and others: Stay informed about the latest phishing tactics and share this knowledge with friends, family, and colleagues. Awareness is a powerful tool in preventing scams.
MORE: FACEBOOK ACCOUNTS HIT WITH MALICIOUS AD ATTACK WITH DANGEROUS MALWARE
What should you do if you’ve clicked a link and installed malware on your device?
If you’ve been hacked, it’s not too late. There are several ways you can protect yourself from hackers, even when they have access to your information.
Scan your device for malware
First, you’ll want to scan your computer with a reputable and legitimate antivirus program. See my expert review of the best antivirus protection for your Windows, Mac, Android & iOS devices.
Change your passwords immediately
If you’ve inadvertently given your information to hackers or malicious actors, they could have access to your social media or banking accounts. To prevent this, you should change your passwords for all your important accounts as soon as possible. However, you should not do this on your infected device, because the hacker might see your new passwords. Instead, you should use ANOTHER DEVICE, such as your laptop or desktop, to change your passwords. Make sure you use strong and unique passwords that are difficult to guess or break. You can also use a password manager to generate and store your passwords securely.
Monitor your accounts and transactions
You should check your online accounts and transactions regularly for suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or the authorities as soon as possible. You should also review your credit reports and scores to see signs of identity theft or fraud.
Use identity theft protection
Phishing emails target your personal information. Hackers can use this information to create fake accounts in your name, access your existing accounts, and pretend to be you online. This can cause serious damage to your identity and credit score.
To avoid this, you should use identity theft protection services. These services can track your personal information, such as your home title, Social Security Number, phone number, and email address, and notify you if they detect any suspicious activity. They can also help you freeze your bank and credit card accounts to stop hackers from using them. Read more of my review of best identity theft protection services here.
Contact your bank and credit card companies
If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should contact your bank and credit card companies and inform them of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges, and issue new cards for you.
Alert your contacts
If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.
Restore your device to factory settings
If you want to make sure that your device is completely free of any malware or spyware, you can restore it to factory settings. This will erase all your data and settings and reinstall the original version. You should back up your important data before doing this, and only restore it from a trusted source.
MORE: HOW HACKERS ARE TARGETING X VERIFICATION ACCOUNTS TO TRICK YOU
Kurt’s key takeaways
Making you and your family resilient from these growing dangers needs to be your number one priority. Protecting yourself from phishing attacks is crucial. Falling victim to such scams can result in identity theft, financial losses, and data breaches. Don’t let yourself become a target. By following the steps we’ve outlined above and staying vigilant, you can significantly reduce the risk of falling prey to phishing attacks. Your online security is in your hands, so make informed choices to protect your personal information and data.
Have you ever encountered a suspicious email or phishing attempt? How did you handle it, and what did you learn from the experience? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
I never felt done with my Animal Crossing: New Horizons island. Despite playing every day for two years, and racking up 1,700 hours of playtime, I somehow never finished decorating. I had plenty of ideas for my island, sure, but actually implementing them was another story: The decorating and terraforming systems that helped make New Horizons a huge success are also slow, manual, and cumbersome, and my patience for decorating and redecorating had finally worn thin.
Fast-forward a few years, and a very much unexpected update is coming to finally fix some of those pain points. Update 3.0 is launching on January 15th, 2026, alongside the Switch 2 Edition of New Horizons. And while the paid Switch 2 upgrade has some nice-to-haves (like Joy-Con 2 mouse controls for indoor decorating), it’s the free update that brings all the key new features.
I recently attended a virtual preview for the New Horizons upgrade and update, and there are two caveats: I have not yet played either the Switch 2 version or the new free content myself, and it’s hard to gauge the quality of the Switch 2 version’s visual and performance improvements over a Zoom call. (I still have some unanswered questions about the biggest performance issues on the original Switch, like the choppy frame rate on more densely decorated islands.) But seeing the 3.0 additions in action, it was easy to imagine myself finishing my island — or at least an island.
As shown in the October announcement trailer, update 3.0 makes much-needed quality-of-life fixes. You’ll finally be able to craft multiple items at once, and crafting will pull materials from your overall storage instead of your pockets, meaning you won’t have to do a bunch of inventory management just to craft some decor. Then there’s Resetti’s Reset Service, which can help you clean up entire sections of your island instantly so you don’t have to pick everything up individually in order to redecorate. Some players also noticed a very subtle but potentially impactful change to movement while terraforming that should hopefully make it a smoother process. And then, as if to show off those decorating improvements, Nintendo also added Slumber Islands.
Not to be confused with dreams, New Horizons’ online island-sharing feature, Slumber Islands are extra sandboxes for you to decorate and play with, where you can set the time of day and the weather and magically conjure up any item you have in your in-game catalog to decorate with, similar to the Happy Home Paradise DLC. You can build bridges and inclines instantly by talking to Lloid, rather than going through Tom Nook and waiting (or time traveling) a day. And while it seems like terraforming works the same on Slumber Islands, the apparent addition of strafing while terraforming — instead of having to constantly reorient yourself manually — should help at least a little bit. (It’s the first thing I’m going to test on January 15th, that’s for sure.)
For me, the worst part of decorating in New Horizons was having an idea, ordering all the furniture I’d need for it over the course of days, testing out the design, realizing it did not look the way I envisioned, and facing the tedious process of breaking it all down and starting over again brick by brick — or, at the very least, having to push and pull objects around for a while to see if I could make it work. The design process I saw on Nintendo’s Slumber Island during the preview, meanwhile, seemed quicker and smoother. Trying out an idea or aesthetic in that environment doesn’t sound like such a tall order.
Without any hands-on time, I can’t say if it will actually be noticeably easier to design and decorate with the 3.0 update. But I’m excited by the idea that I can go to my Slumber Island scratch pad and try out my designs before committing to them (and the cost in bells to get it all done) on my main island. And maybe, if I really like how it feels to decorate, I’ll make an entire Halloween-themed Slumber Island — the kind of island I’ve wanted to make for years but never did on my main island, where the seasons continue to change and actively ruin the vibe.
NEWYou can now listen to Fox News articles!
Any data breach affecting 1.6 million people is serious. It draws even more attention when it involves a company trusted to guard passwords. That is exactly what happened to LastPass.
The UK Information Commissioner’s Office has fined LastPass about $1.6 million for security failures tied to its 2022 breach. Regulators say those failures allowed a hacker to access a backup database and put users at risk.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
CHECK IF YOUR PASSWORDS WERE STOLEN IN HUGE LEAK
Why the LastPass breach still matters
LastPass is one of the most widely used password managers in the world. It serves more than 20 million individual users and around 100,000 businesses. That popularity also makes it an attractive target for cybercriminals.
The UK Information Commissioner’s Office fined LastPass for security failures tied to its 2022 breach. (LaylaBird/Getty Images)
In 2022, LastPass confirmed that an unauthorized party accessed parts of its customer information through a third-party cloud storage service. While the incident initially raised alarms, the long-term impact has taken time to fully surface.
The ICO now says the breach affected about 1.6 million UK users alone. That scope played a major role in the size of the fine.
What regulators say went wrong
According to the ICO, LastPass failed to put strong enough technical and security controls in place. Those gaps made it possible for attackers to reach a backup database that should have been better protected.
The regulator added that LastPass promises to help people improve security, but failed to meet that expectation. As a result, users were left exposed even if their passwords were not directly cracked.
Were passwords exposed or decrypted?
There is still no evidence that attackers decrypted customer passwords. That point matters.
Despite the breach, security experts continue to recommend password managers for most people. Storing unique, strong passwords in an encrypted vault is still far safer than reusing weak passwords across accounts.
As one expert noted, modern breaches often succeed after identity access rather than password cracking alone. Once attackers get a foothold, the damage can spread quickly.
Although attackers accessed a backup database, there is no evidence that customer passwords were decrypted. (Kurt “CyberGuy” Knutsson)
Why the LastPass fine is a wake-up call for cybersecurity
The ICO called the LastPass fine a turning point. It reinforces the idea that security is about governance, staff training and supplier risk as much as software.
Users have a right to expect that companies handling sensitive data take every reasonable step to protect it.
Breaches may be inevitable, but weak safeguards are not.
LastPass on the UK data breach
We reached out to LastPass for comment on the UK fine, and a spokesperson provided CyberGuy with the following statement:
“We have been cooperating with the UK ICO since we first reported this incident to them back in 2022. While we are disappointed with the outcome, we are pleased to see that the ICO’s decision has recognized many of the efforts we have already taken to further strengthen our platform and enhance our data security measures. Our focus remains on delivering the best possible service to the 100,000 businesses and millions of individual consumers who continue to rely on LastPass.”
MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINS
How to protect yourself after a password manager breach
Breaches like this are a reminder that security requires layers. No single tool can protect everything on its own.
1) Use a strong password manager correctly
Keep using a reputable password manager. Set a long, unique master password and enable two-factor authentication. Avoid reusing your master password anywhere else.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.
2) Rotate sensitive passwords
Change passwords for financial accounts, email accounts and work logins. Focus on services that could cause real damage if compromised.
3) Lock down your email
Your email account is the key to password resets. Use a strong password, two-factor authentication and recovery options you control.
4) Reduce your exposed personal data
Data brokers collect and sell personal information that criminals use for targeting. A data removal service can help reduce what is publicly available about you. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
The fine sends a warning to the entire cybersecurity industry. Companies that handle sensitive data must protect it with strong safeguards and oversight. (REUTERS/Andrew Kelly)
5) Watch for phishing attempts and use strong antivirus software
After major breaches, scammers follow. Be cautious of emails claiming urgent account problems or asking for verification details. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
6) Keep devices updated
Install updates for your operating system, browser and security tools. Many attacks rely on known vulnerabilities that updates already fix.
Kurt’s key takeaways
The fine against LastPass is about more than one company. It highlights how much trust we place in tools that manage our digital lives. Password managers remain a smart security choice. Still, this case shows why you should stay alert even when using trusted brands. Strong settings, regular reviews and layered protection matter more than ever. In the end, security works best when companies and we share the responsibility. Tools help, but habits and awareness finish the job.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Do you believe companies are doing enough to protect user data, or should regulators step in more often? Let us know by writing to us at Cyberguy.com.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
It’s still hard to believe that Hollow Knight: Silksong actually came out this year, but now, we all have a new thing to wait for: the game is getting a free expansion in 2026, titled Sea of Sorrow. Team Cherry calls it the game’s “first big expansion.”
“New areas, bosses, tools, and more!” Team Cherry says in a blog post. “Hornet’s adventures continue in our nautically themed expansion, coming free for all players next year. We’ll keep further details a secret for now, but expect additional info shortly before Hollow Knight: Silksong – Sea of Sorrow releases.”
More than 7 million people bought Silksong, according to Team Cherry, and “millions more” played on Xbox Game Pass.
The original Hollow Knight is getting updated, too. Team Cherry is working on a Nintendo Switch 2 Edition of the game that “incorporates all the updates and enhancements that Silksong received on the platform: High frame-rate modes, higher resolutions, and many additional graphical effects.” Players who own the Switch version of the game will get the Nintendo Switch 2 Edition as a free update when it’s available in 2026.
Ahead of that launch, Team Cherry says it will be “updating all versions of the original game for current platforms, adding features and fixing bugs.” Those changes include “full 16:10 and 21:9 aspect ratio support for those of you with Steam Decks or ultrawide monitors,” and PC players can try the new updates in public beta.
4 dead, Detroit firefighter injured in slew of fires. What to know
What have San Francisco police been doing at 16th and Mission?
Packers star Micah Parsons heads to Dallas while awaiting ACL surgery
An immersive ‘Survivor’ experience and fan café will open in Miami in January
MIT professor shot and killed in his Brookline home
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
Video: Nick Reiner Talked Openly About His Addiction Struggles
Trump admin defends White House ballroom as national security matter
Venezuelan opposition leader Machado injured on covert Nobel Prize trip
Peace plans ready to be presented to Russia in days, says Zelenskyy
Video: Brown Student Has Survived Two School Shootings
-
Washington1 week agoLIVE UPDATES: Mudslide, road closures across Western Washington
-
Iowa2 days agoAddy Brown motivated to step up in Audi Crooks’ absence vs. UNI
-
Iowa1 week agoMatt Campbell reportedly bringing longtime Iowa State staffer to Penn State as 1st hire
-
Iowa3 days agoHow much snow did Iowa get? See Iowa’s latest snowfall totals
-
Miami, FL1 week agoUrban Meyer, Brady Quinn get in heated exchange during Alabama, Notre Dame, Miami CFP discussion
-
Cleveland, OH1 week agoMan shot, killed at downtown Cleveland nightclub: EMS
-
World1 week ago
Chiefs’ offensive line woes deepen as Wanya Morris exits with knee injury against Texans
-
Minnesota1 week agoTwo Minnesota carriers shut down, idling 200 drivers
