The article provides some good advice. Unfortunately, it falls short in some areas. In particular, it focuses exclusively on Windows clients, and it doesn’t emphasize enough or indicate the two most effective measures one can take to protect oneself from phishing:

1. Educate yourself on the sorts of things that can identify phishing for you. Yes, the article does some of this, but it doesn’t emphasize the importance enough, or the fact that you should learn more about it than this article provides. Also, the article tends to focus on preventive tools, rather than old-fashioned eyeball-parsing examination of the emails themselves. Tools can be fooled: a well-educated, savvy user can be more difficult to deceive. In particular, viewing the source of HTML emails is typically very effective for providing information on phishing scams.

2. Less obviously, perhaps, but extremely effective, is the practice of using text-only email clients. These make it immediately obvious when someone’s trying to use a phishing scam. For instance, earlier this morning I received an email purporting to be form, complete with spoofed source address. The email was all HTML formatted, however, and the links on the page often used URLs that were not at, giving away the scam rather quickly and easily. Viewing all email as plain text also ensures that simply opening the email will not cause it to infect your system, whereas markup interpretation by your mail client software often can cause an email macro virus or similar threat to be activated without doing anything more than viewing the email.

If you refuse to use a text-only email client, at least turn off the preview pane in your mail client so that emails aren’t automatically opened when you highlight the email in your inbox. Make it difficult for any malicious activity in your inbox to occur in an automated fashion. This will also help cut down on spam, as off-site email embedded image links (and similar techniques) can also be used to confirm an active email address to which to send more spam.