How to Prevent Phishing Attacks

A typical way of getting hacked is falling for a phishing attack. In fact, most of the large data breaches in recent years have been due to phishing.

The number of phishing attacks is increasing because they are both easy to execute and highly effective. Even if the eventual goal of an attacker is an organization, attacks always begin by targeting individuals. Phishing attacks have been utilized to steal confidential information, compromise entire organizations, and perhaps even influence a Presidential election.

What is a phishing attack?

Phishing is a type of online attack in which criminals send a fake email, appearing to come from a legitimate source, that asks you to click a link or download an attachment. That source can be a bank, a credit card company, an email provider, or a popular service like Google, eBay, or Facebook.

Phishing campaigns can be extremely sophisticated, making use of highly personalized messages that appear to come from people you know, or companies you trust. Oftentimes, attackers will try to trick you into entering your password into a web page that appears legitimate but is actually a fraudulent site which is stealing your data.

Phishing attacks can also rely on malicious software. Instead of trying to trick you into entering your password, these attacks try to trick you into clicking a link to an infected website, opening an infected file, or installing malicious software on your device. For example, an attacker pretending to be your bank might send over a file of recent transactions and ask you to review them; opening the file instead installs a virus on your computer.

Defending against email phishing attacks

Fortunately, it’s not difficult to defend against phishing attacks as long as you are vigilant and follow the rules below. These rules apply generally and aren’t specific to ProtonMail. But as you will see below, ProtonMail has several additional anti-phishing protections built in, which make it much harder to become a victim.

Protect your email address

In order to start an attack against you, attackers must first know your email address. You can’t hide your address; however, you can keep separate email addresses for different purposes. For example, don’t use your business card email address for your bank account, loan, or other sensitive accounts. Choose a secure, secret one for those.


With ProtonMail you can use multiple addresses to keep your private address a secret. For example, if the address you use in public is, you can create a second address to use only for sensitive accounts like online banking. Thus, if somebody pretending to be your bank sends you an email to, you can identify it as a phishing email because it was not sent to the address you use for your online banking.

Carefully verify the emails you receive

Always check that the sender is who they say they are. Phishing emails can usually be identified easily because they rarely get everything right:

  • the sender of the email will usually not be an official communication account. For example, a phishing email targeting ProtonMail users might be sent from
  • the link contained in the phishing email will not point to an official site either. For example, the link in the email might go to instead of. ProtonMail offers a link confirmation feature that can help you verify that the link you are following is not malicious.
  • emails can also appear to come from people you know, but with subtle variations in the address: instead of (can you see the difference?)

Note, these accounts and URLs will sometimes look deceptively similar to the real thing, so be sure to check them carefully!


Keep in mind that communications from ProtonMail will always come from one of the following Official ProtonMail Accounts:

  • (other very rarely used accounts include,,,,,

And we only make use of the following domains:, As an added protection, automated messages from the ProtonMail Team are always starred by default.


ProtonMail Email Phishing Protection

ProtonMail provides additional anti-phishing protection with PhishGuard, a set of special features designed specifically to combat phishing.

Because sender email addresses can be spoofed (e.g. an email can appear to come from but not actually be sent from there), ProtonMail provides an additional way to help identify whether an email is legitimate.

If the person you are communicating with is also using ProtonMail (or their email is hosted by ProtonMail), your communication is transmitted with end-to-end encryption. Secure emails sent from other ProtonMail users can be identified by the purple lock.


Sender spoofing is NOT possible between ProtonMail addresses or domains hosted by ProtonMail. Thus, if the “From” address is, and it has a purple lock, you can be sure it is actually sent from that account.

This also means that if your organization’s emails are hosted by ProtonMail, the purple lock guarantees that:

  • The email was sent by another member of your organization
  • The address is not spoofed (and therefore it is most likely not a phishing email).

These features mean the phishing risk for you or your business is greatly reduced if you are using ProtonMail.

DMARC Protection

To further protect users, ProtonMail also supports DMARC, which helps identify emails that might be spoofed. For example, when you open an email that fails DMARC, we display a red warning message to warn you that the email may be spoofed and that you should verify its authenticity with the sender.

An example of how an email that fails DMARC is displayed in ProtonMail.
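To make the DMARC check concrete, here is an added example (not ProtonMail code) of how a receiving mail server decides whether a message passes DMARC and what the sender’s published policy asks it to do with a failure. It takes the domain of the From: header, the domain that SPF authenticated, and the d= domain of any DKIM signature that verified, checks identifier alignment in strict or relaxed mode, and maps p=none/quarantine/reject to a disposition. The DNS lookup of `_dmarc.<domain>` is replaced by a constructed in-memory table so it runs offline; the domains and records in it are sample data, and the relaxed-alignment and policy-lookup logic is simplified (no public suffix list, no subdomain `sp=` fallback). The disposition is only what the policy requests; a receiver may apply a local override, such as routing a failure to spam instead of rejecting it.

```python
"""DMARC evaluation for a single message (added example, not ProtonMail code)."""

from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for DNS TXT lookups at _dmarc.<domain>.
# These domains and policies are sample data for the example only.
FAKE_DNS = {
    "_dmarc.bank.example": "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@bank.example",
    "_dmarc.shop.example": "v=DMARC1; p=quarantine",
    "_dmarc.blog.example": "v=DMARC1; p=none; rua=mailto:reports@blog.example",
}


@dataclass
class AuthResults:
    from_domain: str                   # domain of the RFC5322.From header the user sees
    spf_pass_domain: Optional[str]     # domain SPF authenticated (MAIL FROM), None if SPF failed
    dkim_pass_domain: Optional[str]    # d= of a DKIM signature that verified, None if none did


def parse_dmarc_record(txt):
    """Parse 'tag=value; tag=value' into a dict. Returns None if it is not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    tags.setdefault("adkim", "r")  # alignment modes default to relaxed
    tags.setdefault("aspf", "r")
    return tags


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict needs an exact match; relaxed (simplified here)
    accepts one domain being a subdomain of the other."""
    if auth_domain is None:
        return False
    auth_domain, from_domain = auth_domain.lower(), from_domain.lower()
    if auth_domain == from_domain:
        return True
    return mode == "r" and (auth_domain.endswith("." + from_domain)
                            or from_domain.endswith("." + auth_domain))


def evaluate_dmarc(results, dns=FAKE_DNS):
    """Return (verdict, disposition): verdict is 'pass', 'fail', or 'none' when the
    From domain publishes no policy; disposition is what the policy requests."""
    record = dns.get("_dmarc." + results.from_domain.lower())
    policy = parse_dmarc_record(record) if record else None
    if policy is None:
        return ("none", "deliver")
    # DMARC passes if either authenticated identifier aligns with the From domain.
    passed = (aligned(results.dkim_pass_domain, results.from_domain, policy["adkim"])
              or aligned(results.spf_pass_domain, results.from_domain, policy["aspf"]))
    if passed:
        return ("pass", "deliver")
    disposition = {"none": "deliver", "quarantine": "spam", "reject": "reject"}[policy["p"]]
    return ("fail", disposition)


if __name__ == "__main__":
    # A message claiming to be from bank.example with neither SPF nor DKIM aligning:
    # this is the case where a client would show the user a spoofing warning.
    print(evaluate_dmarc(AuthResults("bank.example", "evil.example", None)))
```

The `("fail", "reject")` outcome for the spoofed message is what drives a warning banner like the one pictured above; a `("none", ...)` result is the weaker case where the sending domain has published no policy at all, so the receiver has nothing to enforce.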

Link confirmation

Hackers do not always need to fool you into sharing sensitive data. If they can deceive you just long enough for you to click on a malicious link, they can still compromise your device’s security. To prevent this, ProtonMail’s Link Confirmation can help you identify suspicious links without putting your device at risk. When Link Confirmation is enabled, a window will pop up whenever you click on a hyperlink contained in a message. That pop-up displays the link’s full URL, giving you a chance to inspect whether the link is suspicious. 
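The checks a reader is asked to make above (the visible link text versus where it really goes, and addresses that differ from the real one by a subtle variation) can be automated. The following is an added example, not ProtonMail’s Link Confirmation code: it pulls every hyperlink out of an HTML message body, pairs the real destination with the text the reader sees, and flags the common tricks: text that names one site while the href goes to another, a URL carrying credentials so the part before `@` looks like the site, a punycode (`xn--`) host, and a host within a small edit distance of a trusted domain. The message body and the `TRUSTED_DOMAINS` list are constructed sample data; `registrable_domain` is a deliberate simplification that takes the last two labels rather than consulting the public suffix list.

```python
"""Inspect the links in an HTML email body (added example, not ProtonMail code)."""

import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Sample list of domains the reader trusts (constructed for this example).
TRUSTED_DOMAINS = ["protonmail.com", "bank.example"]

# Constructed phishing-style message with one legitimate link among the bad ones.
SAMPLE_EMAIL = """<p>Dear customer,</p>
<p>Please <a href="https://bank.example@evil.example/login">https://bank.example/login</a> to review your transactions.</p>
<p>Or visit <a href="https://protonmai1.com/settings">ProtonMail settings</a>.</p>
<p><a href="https://mail.protonmail.com/inbox">Open your inbox</a></p>
<p><a href="https://xn--bnk-6xa.example/verify">verify now</a></p>"""


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def extract_links(html):
    parser = _AnchorCollector()
    parser.feed(html)
    return parser.links


def registrable_domain(host):
    """Last two labels of a hostname (simplification; real code would use the public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def inspect_link(href, text):
    """Return a list of warnings for one link; an empty list means nothing suspicious was found."""
    warnings = []
    url = urlparse(href)
    host = (url.hostname or "").lower()
    if url.scheme not in ("http", "https"):
        return [f"non-web scheme {url.scheme!r}"]
    if url.username is not None:
        warnings.append("credentials in URL: text before '@' is not the site")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host (possible homograph)")
    # Visible text that itself looks like a URL or domain but points somewhere else.
    shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
        warnings.append(f"text shows {shown.group(1)} but link goes to {host}")
    dom = registrable_domain(host)
    for trusted in TRUSTED_DOMAINS:
        if dom != trusted and edit_distance(dom, trusted) <= 2:
            warnings.append(f"{dom} looks like {trusted}")
    return warnings


def inspect_message(html):
    """Return [(href, visible_text, warnings), ...] for every link in the message."""
    return [(href, text, inspect_link(href, text)) for href, text in extract_links(html)]


if __name__ == "__main__":
    for href, text, warnings in inspect_message(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}")
        for w in warnings:
            print("   !", w)
```

Showing the full destination next to the visible text is the essential part; the heuristics only draw attention to the patterns a hurried reader is most likely to miss, and a link that raises no warning still deserves the same careful look before it is followed.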

Protect your passwords

No organization in possession of sensitive data should EVER ask for your password via email. If you receive an unsolicited email asking you for your password, or with a link taking you to a suspicious looking website asking you for your credentials, do NOT enter your password.

ProtonMail will never send you unsolicited emails or other communication asking you for your ProtonMail credentials. We may occasionally ask you for login details and information if you are experiencing a login problem, but only if you initiated communication with our support team.

Report phishing emails to our support team

If you receive an email you suspect to be a phishing attack, do not click on any links or download any attachments. Instead, we have created a simple way to report the email to our support team, which will analyze the headers and contents to improve our spam filters. (Note that emails reported to us as phishing will be sent to our team unencrypted.) Learn how to use our report phishing feature.

What to do if you’ve been hacked

If you’ve fallen for a phishing scam, there are a few things you should do immediately to recover and protect your account.

    1. Go to Settings -> Account and verify that the Reset/notification email has not been changed or added by the hacker.
    2. On the same Account page, change your password.
    3. Then go to Settings -> Security and enable two-factor authentication (2FA). This ensures that the hacker (and future hackers) cannot break into your account without also having access to your 2FA device.
    4. On the same Security page, enable Advanced Authentication Logs, which allow you to track when and from where someone has accessed your account or tried to.
    5. You can also check your other settings to be sure nothing has been tampered with. For instance, an attacker might whitelist their own email addresses, add spammy links to your email signature, or set up auto replies to trick your contacts.

When in doubt, ask!

If you have any doubts about whether or not an email is legitimate, please ask and confirm with the person or company that supposedly sent it. In the case of a suspicious email that claims to be from the ProtonMail Team, you can write to and our security team will be able to advise you further.

You can get a free secure email account from ProtonMail here.

ProtonMail is supported by community contributions. We don’t serve ads or abuse your privacy. You can support our mission by upgrading to a paid plan or donating.

About the Author

Proton Team

Proton was founded by scientists who met at CERN and had the idea that an internet where privacy is the default is essential to preserving freedom. Our team of developers, engineers, and designers from all over the world is working to provide you with secure ways to be in control of your online data.



54 comments on “How to Prevent Phishing Attacks”

  • If ProtonMail is serious about preventing phishing, it should show the sender’s full address by default. It’s unacceptable that a security-focused email service hides information about where an email came from.

    Right now, when I open an email in the mobile app, it just shows the sender’s name (which can be spoofed) and I have to tap that teeny, tiny word “Details” to see the address. I realize screen real estate is valuable, but if I had to choose between seeing only the name or only the address, I’d rather see only the address because it’s harder to spoof and better prevents phishing.

    ProtonMail needs to allow users to see full addresses without tapping “Details,” either by default or as an option in the settings.

    • This is done by default in the webapp, but in mobile due to lack of screen space, we decided against this.

  • Well, it is disappointing to see that it’s not mentioned to be aware of what happens if e-mails fail to meet DMARC alignment and are requested to be quarantined or rejected by the domain admin, but what with your partial implementation, it’s no wonder. I do see they are at least parsed for DMARC since Auth-Results for it show up in e-mail headers & it’s an established standard, but why wouldn’t you mention that here?

    I even sent a spoofed e-mail to my account & you didn’t even honor your own DMARC record and allow it to be delivered!

    • We don’t reject DMARC failures, instead we send those straight to spam because sometimes people just mess up their DMARC implementations then complain about lost emails.

      • Oops! I see the spoofed e-mail didn’t actually get sent yet, so never mind on the last part. It’s good that you now clarified what you automatically do when we receive e-mails, but at this point I’ll explain for you that you have the same quarantine-only policy for your & DMARC records for outgoing mail. What’s odd is that there are no reporting addresses listed at all, so for some reason you don’t care to get reports if your domains are being spoofed or if e-mails are staying aligned after server changes or if there are errors. This would seem to explain why you aren’t sending aggregate or forensic feedback reports to other domains, though. Hopefully, this will spur you guys to do more for your own domains & when we have you host ours. Kudos on the support article for setting up SPF, DKIM & DMARC for custom domains, though!

  • So is PhishGuard a set of userland utilities, filters, rules, etc. we can implement on the user’s end? Or are they backend tools for you? Or both?
    If they are user tools, when might we expect to see PhishGuard rolled out?

  • I like this facility to have multiple addresses! To know your partners is a must! I never expect to get an unknown mail on my private address! For unknown mails I look on my “contact” business address!

  • Is PhishGuard a user tool with settings users can customize, or is it a backend server tool? If it is a user tool, when can we expect it to be rolled out to users?

  • Hello,
    Regarding the lock icon, I would like to say that while it is very visible in the app, it is not that visible on the computer:
    it is tiny and waaaay far to the right of the nowadays-huge screens.

    It would be cool that it would be more visible, so I don’t have to remember to look at it, but rather just see it.

    Thanks for the great work!

  • Being an ex-military person I am fairly well up to date with all that has been said! I am now feeling a little better bringing this all up front, and for you to know that I will cherish our relationship and hope it will be a long one! Many thanks!

  • I wonder if the lock icon (indicating that the mail is coming from a protonmail user) is enough!

    1) What if I have a contact called, but receive a mail from
    The lock icon will make me believe it’s real!
    I would like to get all mails from outside my address book to be obviously marked! (big red banner etc)

    2) I would like the option to auto-delete all mails from NON-protonmail accounts.

    3) When my domain is hosted by protonmail and I get a mail from, is there a lock or not?
    If yes, your statement that it indicates that the sender is from my organisation, is wrong!
    If not, the statement that protonmail-originated mails have a lock, is wrong.

    • In case number 1, you just need to be aware and check. There is no way to prevent deceptive-looking addresses from tricking people short of blocking them, which is somewhat dangerous to do due to false positives.

      • What is wrong with highlighting that this is a new user you have not had contact with, or that he is not in your address book?

  • I would like to inform you that I faced a strange action on my correspondence.
    When sending an email, it stops for a while in the Drafts folder!!! and I’m not sure if it always goes afterwards to its destination or remains in Drafts. I never gave this order to the settings.
    Furthermore, I sent an email with two attachments and only one arrived!!!
    Could you please explain to me why that happened??

  • Thank you so much for that important information (coming from a person who still knows very little about my computer!)

  • I am currently fighting these attacks. I’m grateful to have information and tips on how to combat these intrusions and scams. I didn’t realise my privacy and identity were at risk till it was too late. I want to thank companies like yours for the services you provide.

  • Can you please work on an easier way to use your VPN in a Unix (Linux Mint) environment. A GUI would be welcome for an increasingly growing group! Keep up the good work. Thanks

  • I want to visit THE LHC and learn everything about how it works, so bring me please! :) #proton #atoms #darkmatter #godparticle

  • Can you stop it with the gray text and use black? The contrast between the page background and the text is poor and it is difficult to read. You are concerned with privacy. What about usability? I have been using my account less and less because of the eyestrain. Text is black; background is white.

  • Thank you all at Proton for your excellent efforts to provide encrypted, secure email service. I only wish now is, I hope someone brings us a simple effective new wireless phone service, identical to the Blackberry platform. You gentlemen appear to have the sense for such a proposal. Thank you so much and bless you for this service.
    Mr. J.A.

  • I signed up for my ProtonMail account because I disliked my old provider. However, I have an issue with your anti-phishing system. One of my oldest and dearest friends’ emails all come through with your warning, but yet there seems to be no way to remove or allow an exception for email from my friend. How does one fix this issue? If the issue cannot be fixed then I am going to have to make another email account elsewhere or leave open an account with that company I have so come to hate.

  • I love ProtonMail. I have used it in the past and now I am back.

    The best email client anyone can have.

    Thank you so much

  • What are your plans to maintain secure encryption tools & techniques since it’s now well known how effective Quantum computing is at breaking encryption of all types?

    • Quantum computing is not effective at breaking encryption yet. That said, we are proactively developing strategies to deal with quantum computing, and we’ll share some of this information in an upcoming blog post.

  • I have a Google account, and one of the Gmail addresses was hacked and is now administering my Android system. All the apps are fake. I joined Proton VPN and now PROTONMAIL. I am from Brazil and I don’t have a credit card, but I want to subscribe to the paid Proton services, starting with the cheapest one. Can you help me?

  • I’ve been having hacking problems; that’s the reason I came to you guys.
    Can I have more info on how to keep my personal stuff safer?

  • Why is the Highwire suddenly a threat?
    Who gave you the idea that the Highwire is suddenly phishing for my data?
    Why don’t you investigate first before warning your customers?
    Who told you to flag the Highwire?
    Protonmail should be a sanctuary in this day and age.
    Now you are the same as Gmail, Whatsapp and Facebook.
    And this on the same day, that Whatsapp data is merged with Facebook, the 9th of Feb. 2021
    People are fleeing away…into the hands of the compromised….
    Shame on you, that you let this happen to your platform.
    Correct your mistakes,….please.
    Or at least come clean and tell everybody that you are just following orders.
    At least that is honest.
    Crooked, but honest.
    Now you are crooked and dishonest, that is as bad as it gets…