Skip to main content

The Five R's of Phishing

September 25, 2019

Don’t think something you played as a child is relevant to cybersecurity? Think again. The seemingly harmless games of our childhood – red rover, duck-duck-goose, king of the hill – are often deemed too dangerous for twenty-first-century youngsters. And it’s a shame, really. After all, another oft-banned children’s game — dodgeball — teaches applicable skills to avoid phishing threats.

The tactics of dodgeball can be summed up with five D's: dodge, duck, dip, dive and defend. Why am I going down this road? In dodgeball, it’s about avoiding the ball. In phishing, it’s about avoiding the bait. And the tactics for evading a phish can be summed up in five R's: read, review, recognize, react and report.

October is National Cybersecurity Awareness Month (NCSAM), a great time to revisit the five R's of phishing.


One must give a thorough look to avoid the hook.

Email inboxes are flooded with communications all day, every day. How long do you spend reading each email you receive to ensure it’s legitimate? If you’re not reading every single word in your messages, you could be missing big clues that can indicate phishing. Some phishing emails create a sense of urgency, but it’s important to take your time and read carefully.


One must look beyond the lines and see the signs.

Is the sender unfamiliar, their address unusual or their communication out-of-character? Are there strange links or suspicious attachments? If there are images or logos within the message do they align with what you would expect in quality and relevance?


One must be aware to avoid the snare.

Many phishing emails are easy to spot. Others are more sophisticated. Security awareness training can help prepare you for the threats in your inbox. Training can be formal or informal—the important thing is to keep yourself educated.


One must slow phishing traction with the appropriate action.

When a phishing threat is recognized, it should not be ignored. Know your organization’s policies regarding phishing emails if you receive one at work. Outside the office, have your own policy for handling a potential phish.


One must share to clear the air.

Don’t just delete. Protect others by reporting suspected phishing emails immediately. Reporting helps notify others that there’s a phish in their midst and alerts them to specific threats. In addition, your report allows internal support or your email provider to block future phishes that follow a similar pattern.

For NCSAM, just remember, cybersecurity topics aren’t always complicated. In fact, like those games from the good old days, they’re often elementary. And here are a few tools to support your NCSAM efforts.

    Rutherford Rankin

By: Rutherford Rankin

See More

Related Blogs

May 29, 2019

Four Ways to Reduce Identity and Data Risks in a Digital Economy

The use of stolen credentials ranks as one of the most commonly seen aspects of cybersecurity incidents, and loss of unencrypted data is one of the mo...

See Details

May 22, 2019

Modernise your Privileged Access Security

Privileged Access Security should not be viewed mainly as the implementation of a PAS or PAM technology and augmented (or integrated) with other third...

See Details

April 17, 2019

MythBusters: Debunking Five Common Identity and Data Management Myths

Debunking common myths about IDM. Examples: too expensive and complex; current IT teams can't support IDM evolution; custom is better; company data/IP...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cybersecurity Events in your area.