How to identify phishing attempts

How to identify phishing attempts

Phishing attempts are dime a dozen, the first thing to remember is that scammers will use email or text messages to trick you into giving them personal details. The culprits launch hundreds of phishing attacks every day and they are often very successful. As a result the FBI’s Internet Crime Complaint Center reported that in 2019, people lost $57 million to phishing schemes in one year.

These scammers very frequently update their tactics and methods; however there are surefire ways to recognize phishing emails.

Phishing messages most frequently look like they’re from someone you trust. These phishing attacks look like they’re from a bank, your credit card processor, a social networking site or a store you visited.

These emails tell a believable story that tricks you into clicking on a link or opening an attachment. The store is often so good, you don’t think twice about opening it!

  1. Say they’ve noticed suspicious activity or log-in attempts
  2. Claim there’s an issue with your account
  3. Claim there’s an issue with your payment method
  4. Ask you to verify some personal information
  5. Tttach a fake invoice, or statement from a colleague

A very common phishing scenario

Save a friend phishing scenario

This phishing scenario seems very real. Typically it impersonates a coworker, or, your boss! It comes in a form of a quick sentence, stating that he or she is busy and can’t speak, but needs funds transferred immediately to assist a client, or find their way back home from a conference. Who can say no to their boss?

How to protect your self from phishing

  1. Protect your organization by using security software.
  2. Enable multi factor authentication
  3. Protect your data by backing it up
  4. VERIFY with the supposed individual sending this request that it’s actually coming from there. DO NOT reply to their email, start a new thread, or call directly.
  5. Do not provide sensitive personal information (like usernames and passwords or payment details) over email.
  6. Watch for email senders that use suspicious or misleading domain names.
  7. Inspect URLs carefully to make sure they’re legitimate and not imposter sites
  8. Do not try to open any shared document that you’re not expecting to receive.
  9. If you can’t tell if an email is legitimate or not, please contact your management team, but never forward the email!

How to report phishing

If you’ve received a phishing email please report it. The information you give can help fight the scammers.

Step 1. Using your email client, follow the instruction to file a report. Typically by right-clicking on the email and following the options

Step 2. Forward the email to the Anti-Phishing Working Group at reportphishing@apwg.org

Step 3. Report the phishing attack to the FTC at ftc.gov/complaint

Step 4. Continue to stay vigilant