How to prevent phishing attacks


Falling for a phishing attack is a common way to get hacked. In fact, most of the large data breaches in recent years have been due to phishing.

The number of phishing attacks is increasing because they are both easy to execute and highly effective. Even if the eventual target of an attacker is an organization, attacks always begin by targeting individuals.

Phishing attacks have been used to steal confidential information, compromise entire organizations, and perhaps even influence a Presidential election.

What is a phishing attack?

Phishing is a type of online attack where criminals send a fake email, appearing to come from a legitimate source, that asks you to click a link or download an attachment. That source can be a bank, a credit card company, an email provider, or a popular service, such as Google, eBay, or Facebook.

Phishing campaigns can be extremely sophisticated, making use of highly personalized messages that appear to come from people you know or companies you trust. Oftentimes, attackers will try to trick you into entering your password into a web page that appears legitimate but is actually a fraudulent site aimed at stealing your data.


Phishing attacks can also rely on malicious software. Instead of trying to trick you into entering your password, these attacks will try to trick you into clicking on a link to an infected website, opening an infected file, or installing malicious software on your device.

For example, an attacker pretending to be your bank might ask you to review recent transactions and send over a file that supposedly contains them. However, opening the file will install a virus on your computer.

Defending against email phishing attacks

Fortunately, it’s not difficult to defend against phishing attacks as long as you are vigilant and comply with the following rules. These rules are generally applicable, and aren’t specific to Proton Mail. But as you will see below, Proton Mail has several additional anti-phishing protections built in, which make it much harder to become a victim.

Protect your email address

To start an attack against you, an attacker must first know your email address. You can’t hide your address when sending an email, but you can keep separate email addresses for different purposes.

For example, don’t use your business card email address for your bank, loan, or other sensitive accounts. Choose a secure, secret one.


With Proton Mail you can use multiple addresses to keep your private address a secret. For example, if the address you use in public is john.doe@proton.me, you can create a second address, john1988@proton.me, to use only for sensitive accounts like online banking.

Thus, if somebody pretending to be your bank sends an email to john.doe@proton.me, you can identify it as a phishing email because it was not sent to the address you use for your online banking.

Carefully verify the emails you receive

Always check that the sender is who they say they are. Phishing emails can usually be easily identified because they rarely get everything right:

  • The sender of the email will usually not be an official communication account. For example, a phishing email targeting Proton Mail users might be sent from timothy.bad@mail.ru.
  • The link contained in the phishing email will usually not point to an official site either. For example, the link in the email might go to pro7on.me instead of proton.me. Proton Mail offers a link confirmation feature that can help you verify that the link you are following is not malicious.
  • Emails can also appear to come from people that you know, but with subtle variations: thornas@proton.me instead of thomas@proton.me (can you see the difference?).

Note: these accounts and URLs will sometimes look deceptively similar to the real thing, so be sure to check them carefully!

Keep in mind that communications from Proton will always come from one of the following official Proton Mail accounts:

  • no-reply@news.proton.me
  • no-reply@news.protonvpn.com
  • no-reply@mail.proton.me
  • no-reply@calendar.proton.me
  • no-reply@drive.proton.me
  • no-reply@vpn.proton.me
  • no-reply@offers.proton.me
  • no-reply@offer.protonvpn.com
  • no-reply@notify.proton.me
  • no-reply@notify.protonvpn.com
  • no-reply@verify.proton.me
  • no-reply@recovery.proton.me
  • no-reply@partners.proton.me
  • no-reply@referrals.proton.me
  • contact@protonvpn.com
  • support@protonmail.zendesk.com
  • contact@proton.me

As an added protection, automated messages from the Proton Team are always starred by default.

Emails from Proton are starred

Please note that our customer success team may use Zendesk to provide you help, using the following address: support@protonmail.zendesk.com.
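As an added example (not Proton's code), here is a check that applies the rules above: is the From address exactly one of the official senders listed, and if not, does it look like a lookalike of one (or of a contact you pass in)? The official list is a subset of the one on this page; the confusable-character table is a constructed assumption. Note that an exact match alone does not prove legitimacy, because From addresses can be spoofed; this check only catches near-miss addresses.

```python
# Added example (not Proton's code): flag From addresses that are not on the
# official list and look like lookalikes of an official or trusted address.

# Subset of the official Proton sender addresses listed on this page.
OFFICIAL_SENDERS = {
    "no-reply@news.proton.me",
    "no-reply@mail.proton.me",
    "no-reply@notify.proton.me",
    "contact@proton.me",
    "support@protonmail.zendesk.com",
}

# Constructed table of character sequences often swapped in lookalike names
# ("rn" reads as "m", "7" as "t", "0" as "o", ...).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("7", "t"), ("0", "o"),
               ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(addr: str) -> str:
    """Map visually confusable sequences to their plain reading."""
    addr = addr.lower()
    for fake, real in CONFUSABLES:
        addr = addr.replace(fake, real)
    return addr


def levenshtein(a: str, b: str) -> int:
    """Edit distance; small values mean 'almost the same address'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(addr: str, trusted=OFFICIAL_SENDERS) -> str:
    """Return 'official', 'lookalike:<trusted address>' or 'unknown'.

    'trusted' can be the official list or your own contacts."""
    addr = addr.strip().lower()
    if addr in trusted:
        return "official"
    norm = normalize(addr)
    for good in trusted:
        # Either the confusables collapse onto a trusted address, or the
        # address is within two edits of one (thornas -> thomas).
        if norm == good or levenshtein(addr, good) <= 2:
            return f"lookalike:{good}"
    return "unknown"
```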

Proton Mail Email Phishing Protection

Proton Mail provides additional anti-phishing protection with PhishGuard, a set of special features designed specifically to combat phishing.

Because the sender email addresses can be spoofed (e.g. an email can appear to come from contact@proton.me but not actually be sent from there), Proton Mail provides an additional way to help identify if an email is legitimate.

If the person you are communicating with is also using Proton Mail (or their email is hosted by Proton Mail), your communication is transmitted using end-to-end encryption. Secure emails sent from other Proton Mail users can be identified by a blue lock icon.

A blue icon means the email is end-to-end encrypted

Sender spoofing is not possible between Proton Mail addresses or domains hosted by Proton Mail. Thus, if the From address is thomas@proton.me, and it has a blue lock, you can be sure it is actually sent from that account.

This also means that if your organization’s emails are hosted by Proton Mail, the blue lock guarantees that:

  • The email was sent by another member of your organization
  • The address is not spoofed (and therefore it is most likely not a phishing email).

These features mean the phishing risk for you or your business is greatly reduced if you are using Proton Mail.

DMARC Protection

To further protect users, Proton Mail also supports DMARC, which helps to identify emails that might be spoofed. For example, when you open an email that fails DMARC, we display a red warning that the email may be spoofed and that you should verify its authenticity with the sender.

How an email that fails DMARC is displayed in Proton Mail
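To show what lies behind that red warning, here is an added example (not Proton's code) that reads the DMARC verdict a receiving mail server records in its Authentication-Results header and decides whether to warn. The message and the server name mx.example.net are constructed; a practitioner caveat is built in: only the header written by your own server is trusted, since anyone can add an Authentication-Results header before the mail arrives.

```python
# Added example (not Proton's code): derive the "may be spoofed" warning from
# the DMARC result our own mail server recorded.
import email
import re
from email import policy

# Constructed sample: From claims contact@proton.me, but our server
# (assumed authserv-id "mx.example.net") recorded dmarc=fail. The first
# Authentication-Results header was added by the sender and must be ignored.
RAW_MESSAGE = b"""\
Authentication-Results: evil.example; dmarc=pass header.from=proton.me
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=attacker.example;
 dkim=none;
 dmarc=fail (p=reject) header.from=proton.me
From: "Proton Team" <contact@proton.me>
To: john.doe@proton.me
Subject: Verify your account

Your account will be suspended unless you confirm your password.
"""


def dmarc_result(raw: bytes, own_authserv_id: str) -> str:
    """Return the dmarc= result recorded by our own server, or 'none'.

    Per RFC 8601 only headers whose authserv-id is ours are trusted."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for value in msg.get_all("Authentication-Results", []):
        value = " ".join(str(value).split())          # unfold and squeeze spaces
        authserv_id = value.split(";", 1)[0].strip()
        if authserv_id != own_authserv_id:
            continue                                   # not written by us: ignore
        m = re.search(r"\bdmarc=(\w+)", value)
        if m:
            return m.group(1).lower()
    return "none"


def warning_for(raw: bytes, own_authserv_id: str):
    """Return the warning text a mail client should show, or None."""
    if dmarc_result(raw, own_authserv_id) == "fail":
        return ("This email has failed its domain's authentication "
                "requirements. It may be spoofed.")
    return None
```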

Link confirmation

Hackers do not always need to fool you into sharing sensitive data. If they can deceive you just long enough for you to click on a malicious link, they can still compromise your device’s security. 

Link confirmation window

To prevent this, Proton Mail’s link confirmation feature can help you identify suspicious links without putting your device at risk. When link confirmation is enabled, a window will pop up whenever you click on a hyperlink contained in a message. This pop-up displays the link’s full URL, giving you a chance to inspect whether the link is suspicious. 

Learn how to request link confirmation

Protect your passwords

No organization in possession of sensitive data should ever ask for your password via email. If you receive an unsolicited email asking you for your password, or with a link taking you to a suspicious looking website asking you for your credentials, do not enter your password.

Proton Mail will never send you unsolicited emails or other communication asking you for your Proton Mail credentials. We may occasionally ask you for login details and information if you are experiencing a login problem, but only if you initiated communication with our support team.

Report phishing emails to our support team

If you receive an email that you suspect to be a phishing attack, do not click on any links or download any attachments. Instead, we have created a simple way to report the email to our support team, who will analyze the headers and contents to improve our spam filters. (Note that emails reported to us as phishing will be sent to our team unencrypted.)

Learn how to use our report phishing feature

What to do if you’ve been hacked

If you’ve fallen for a phishing scam, there are a few things you should do immediately to recover and protect your account.

  1. Log in to mail.proton.me and go to Settings → Go to settings → Account → Recovery and verify that the Recovery / notification email address has not been changed or added by the hacker.
  2. Go to Account and password → Passwords → Password → Change password and change your Proton Mail password.
  3. While still on the Account and password page, enable two-factor authentication (2FA). This ensures that the hacker (and future hackers) cannot break into your account without also having access to your 2FA device.
  4. Now go to Security → Security logs and toggle the Enable advanced logs switch on. This will allow you to track when and from where someone has accessed your account (or tried to).

You can also check your other settings to ensure nothing has been tampered with. For example, an attacker might whitelist their own email addresses, add spammy links to your email signature, or set up auto replies to trick your contacts.

When in doubt, ask!

If you have any doubts about whether or not an email is legitimate, please ask and confirm with the person or company that supposedly sent it. In the case of a suspicious email that claims to be from the Proton Mail Team, you can email security@proton.me, and our security team will be happy to advise you further.

If you’re not already on Proton Mail, you can sign up for a free secure email account.

Proton Mail is supported by community contributions. We don’t serve ads or abuse your privacy. You can support our mission by upgrading to a paid plan.


Proton Team