MenHerr Blog

Six small habits that block 90% of phishing

By the MenHerr Research Team · Salinas, California

Phishing is, unglamorously, the largest single category of incidents we respond to. Roughly 6 in 10 cases that come through our support line in Salinas start with a single bad click. The good news is that almost all of them could have been prevented by the same six habits — none of which require any new software.

1. Read the sender, not the display name

Phishing emails almost always succeed because the recipient looks at the friendly display name ("Wells Fargo Security") and not the actual sending domain. Train yourself to expand the address before doing anything else.

2. Type the URL, don't click it

If an email asks you to log in somewhere, open a new tab and type the address yourself. This single habit defeats the vast majority of credential-harvesting pages because the attacker's lookalike domain is never visited.

3. Hover before you click

On desktop, hover over a link for one second. The browser shows the real destination in the status bar at the bottom-left of the window. If it does not match what the email claims, stop.

4. Be suspicious of urgency

"Your account will be closed in 24 hours" is the single most common manipulation we see. Real institutions do not communicate consequences this way.

5. Use a password manager

A password manager will not auto-fill credentials on a domain it does not recognize — which means it quietly refuses to help you on every phishing page you ever visit. That alone is worth installing one.

6. Turn on two-factor authentication

Even if a phishing page captures your password, a second factor (an authenticator app or hardware key) blocks the attacker from logging in. Prioritize email, banking and your password manager itself.
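
Habits 1 and 3 can also be checked mechanically, for example in a mail-triage script. The sketch below is an added example, not MenHerr code: the brand-to-domain map, the function names and the sample header and HTML are all constructed for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a brand -> legitimate domain map that you maintain yourself.
BRAND_DOMAINS = {"wells fargo": "wellsfargo.com"}
HOST_IN_TEXT = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def host_matches(host, domain):  # True for the domain itself or any subdomain of it
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def sender_mismatch(from_header):
    """Habit 1: return the brand a display name claims when the address domain is not that brand's."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    for brand, legit in BRAND_DOMAINS.items():
        if brand in display.lower() and not host_matches(domain, legit):
            return brand
    return None

class LinkAudit(HTMLParser):  # Habit 3: visible link text names one host, href goes to another
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = "".join(self.text).strip()
            claimed = HOST_IN_TEXT.search(shown)  # only links whose text looks like a host
            real = urlsplit(self.href).hostname or ""
            if claimed and not host_matches(real, claimed.group(1)):
                self.mismatches.append((shown, real))
            self.href = None

def link_mismatches(html_body):
    audit = LinkAudit()
    audit.feed(html_body)
    return audit.mismatches

# Constructed sample message parts (not taken from a real email).
SAMPLE_FROM = "Wells Fargo Security <alerts@wf-secure-mail.example>"
SAMPLE_HTML = '<p><a href="https://wellsfargo.com.account-check.example/login">wellsfargo.com/login</a></p>'
```

The suffix comparison in `host_matches` is what catches a lookalike such as `wellsfargo.com.account-check.example`, which begins with the real domain but is not a subdomain of it.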

If you would like a printable one-page version of these habits to share with family members, email support@menherrantivirus.com and we'll send one over.
