LPT: When you're on a website requiring login and you get there from a hyperlink, always enter the wrong password first. Phishing sites won't reject the password.

I understand the concerns raised here and a lot of them are valid. My tip is NOT the only thing you should be doing to prevent phishing attacks. You should:

  1. Check the address bar
  2. Look for a verified sign (green on Chrome)
  3. Try to enter the website by manually typing it in if you can
  4. Enable two-factor authentication

However, phishing attacks are getting more sophisticated. Here's a recent example: http://fortune.com/2017/01/18/google-gmail-scam-phishing/

In this case, the user is basically trying to access a download so it would be acceptable to click a hyperlink instead of typing in a potentially long web address. Also, a phishing website can get a fake certificate leading to a locked symbol being shown (not necessarily green). And the address bar at first glance seems genuine.

It is easy for people to fall for something as sophisticated as the example above.

If you enter the wrong password and it takes it, you know it was a phishing website and your password was not compromised.

But let's say the phishing website was sophisticated enough that it checks the password you enter against the actual website. Ideally, you get a login alert from the actual site showing the wrong location for the failed attempt, letting you know that the website might not be legit.

But bottom line, one LPT alone is not going to prevent you from being phished. You need to always be on the lookout for other signs.

/r/LifeProTips Thread
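
The "check the address bar" step from the list above, written out as code. This is an added example, not part of the original post; the expected domain `example.com`, the function name `checkLoginUrl` and the sample URLs in the comments are constructed for illustration.

```javascript
// Added example: decide whether a pasted address really belongs to the site you expect.
// EXPECTED_DOMAIN is a placeholder; replace it with the site you actually log in to.
const EXPECTED_DOMAIN = "example.com";

function checkLoginUrl(raw, expectedDomain = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(String(raw).trim());
  } catch {
    return { ok: false, reason: "not a parseable URL" };
  }

  // A real login page is served over https. Anything else (http:, data:,
  // javascript:, file:) fails here even if the text after the scheme
  // looks like the genuine address.
  if (url.protocol !== "https:") {
    return { ok: false, reason: `scheme is ${url.protocol} instead of https:` };
  }

  // https://login.example.com@other.test/ : everything before '@' is
  // userinfo, and the host actually contacted is what follows it.
  if (url.username || url.password) {
    return { ok: false, reason: "text before @ is not the host" };
  }

  // Normalize: lower-case and drop a trailing dot.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");

  // Look-alike letters from other alphabets are converted to xn-- labels
  // by the URL parser. Flagging them is a policy choice for this example.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalized label in host, check by hand" };
  }

  // The expected domain must be the END of the host, on a label boundary.
  // login.example.com passes; login.example.com.other.test and
  // notexample.com do not.
  if (host === expectedDomain || host.endsWith("." + expectedDomain)) {
    return { ok: true, reason: "host is under the expected domain" };
  }
  return { ok: false, reason: `host ${host} is not under ${expectedDomain}` };
}
```

A passing result only says the address is where you meant to go; the other items on the list still apply.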