Security
Spotting Phishing & Malware
Red flags in emails, how to check suspicious links, and what to do if you get hit.
Red Flags in Emails
→
Urgency and fearYour account will be suspended in 24 hours. Legitimate companies do not rush you into clicking links.
→
Mismatched sender addressDisplay name says PayPal but the actual email is from a random domain. Always check the full address.
→
Suspicious linksHover before clicking on desktop. paypa1.com is not PayPal. One wrong character is all it takes.
→
Generic greetingsDear Customer instead of your name. Legitimate companies know who you are.
→
Unexpected attachmentsNever open attachments you were not expecting - even from people you know. Their account may be compromised.
How to Check a Suspicious Link
01
DesktopHover over the link. The real URL appears at the bottom of your browser. Read it carefully.
02
MobilePress and hold the link. A URL preview appears. Do not tap if it looks wrong.
03
Use VirusTotalGo to virustotal.com and paste any suspicious URL. Scans against dozens of security databases instantly.
04
When in doubt, type itGo directly to the website by typing it in your browser instead of clicking any link.
DNS PROTECTION
Harbor Privacy uses Hagezi threat intelligence blocklists updated daily with known phishing and malware domains. Even if you accidentally click a bad link, the connection gets blocked before it loads.
If You Think You Have Been Phished
01
Change your password immediatelyDo it from a different device if possible. Use a unique password you have not used anywhere else.
02
Enable 2FA on the accountEven if the attacker has your password, 2FA blocks them from logging in.
03
Check for unauthorized activityLogins, purchases, sent emails, changed settings.
04
Contact your bank if financial info was enteredCall the number on the back of your card immediately.
05
Run a malware scanMalwarebytes free tier works well on Windows and Mac.