Don’t Take the Bait: Protecting Yourself from Phishing Attacks
Phishing is like our word “fishing” — but instead of trying to catch fish, scammers are trying to catch your sensitive information like credit card numbers, bank details, usernames, and passwords.
This information can then be used to access your accounts or sold to malicious groups who use it for ransomware attacks, account takeovers, or business email compromise.
Even with all the warnings out there, we still regularly see people come in after falling victim to phishing attacks.
With AI making scams more convincing than ever, it’s becoming harder to tell what’s real and what isn’t. That’s why it’s more important than ever to stay cautious and not trust everything that appears on your screen.
Here are some practical steps you can take to protect yourself.
Beware of Fake Microsoft 365 Login Emails
One of the most common scams we’re currently seeing involves fake Microsoft 365 emails.
These emails usually claim there’s a problem with your account — such as missed messages, password expiry warnings, security alerts, or blocked emails. They’re designed to create urgency and pressure you into acting quickly.
They include a link that looks legitimate but actually takes you to a fake Microsoft login page. If you enter your email and password, scammers can immediately gain access to your account.
From there, they can:
- Access your mailbox
- Send phishing emails from your account
- Steal files or reset other passwords
This is one of the main reasons people contact us — and often, by the time it’s noticed, the account has already been compromised.
How to protect yourself
- Stop and think: Microsoft will not pressure you to act immediately.
- Check links carefully: Hover over links before clicking — fake sites often have unusual or unrelated web addresses.
- Avoid signing in from email links: If unsure, go directly to the official Microsoft website instead.
- When in doubt, don’t click: Forward suspicious emails to us and we’ll check them for you.
If you think you’ve entered your details into a fake login page, contact us straight away. The faster we act, the more damage we can prevent.
Use Multifactor Authentication (MFA)
Multifactor Authentication adds an extra layer of security by requiring more than just your password to log in.
This could be a code sent to your phone, a fingerprint scan, or facial recognition.
Even if someone gets your password, MFA can stop them from accessing your account.
Use Passphrases Instead of Passwords
Passphrases are longer and much harder to crack than traditional passwords.
Using 3–4 unrelated words with capitals, symbols, or spaces makes them significantly more secure against modern hacking methods like brute force attacks.
Keep Your Software Updated
Updates aren’t there to annoy you — they fix security vulnerabilities that attackers actively look for.
Delaying updates can leave your device exposed to new threats. Regularly restarting your computer also helps ensure critical updates are properly installed.
Install a Reliable Antivirus
Having proper antivirus protection adds another layer of defence.
At The Computer Workshop, we recommend Avast Antivirus. It provides strong protection and also allows our technicians to remotely access your computer if something goes wrong.
The faster we can access your system, the more we can limit potential damage.
For a minimal cost of $45 per year or $135 for 3 years (plus a one-time setup fee – March 2026), you can have peace of mind knowing your system is protected.
Final Reminder
Never provide personal information over the phone or online if you did not initiate the contact.
If something feels off, trust that instinct.
Stay cautious, stay aware, and don’t take the bait.
