Friday, February 8, 2019

What is Phishing and How To Spot It


The blog Phishing.org defines phishing as

a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

We've all been exposed to phishing emails. It's easy to be taken in by them, although it is also possible to avoid them with a little knowledge and effort. The phishing scammers are getting more sophisticated but fortunately the basic rules for spotting these scams still work in most instances. This graphic has a lot of good advice.


https://www.knowbe4.com/what-is-social-engineering/

Notice that the graphic contains advice for business email users, not just personal ones. If you use email at work, please pay attention! This advice is related to another common fraud called spear phishing. That's an attempt to get insider information from a business--information like email addresses of top executives or access to customer data. Sometimes the data will be used directly, as in an order from the CEO to transfer money to a fraudulent account. At other times it will be used to breach the system and install malware, permitting long-term damage. In any event, this post focuses on the personal email user.

The basic advice for spotting phishing emails is:
  1. If it sounds too good to be true, it undoubtedly is.
  2. It is urgent; the recipient will miss out unless she responds immediately.
  3. It asks for personal information. Never reply to this type of email, even if (especially if) it purports to be from an institution like the IRS or your bank. Never. Period. Don't even confirm personal information sent to you in an email.
  4. The sender is unknown or looks fishy (pun intended :).
  5. There are hyperlinks that look strange--don't match the sender, for example. It's best not to even click on these links to check them out.
  6. It's poorly written with spelling and grammatical errors or awkward sentence structure.
  7. It has an attachment. Don't even bother to examine the attachment closely--if the email is in any way suspicious don't open the attachment. Malware lives there.
  8. WHEN IN DOUBT, JUST DELETE IT.
The chances that you will ignore a legitimate email that has any of these characteristics are pretty low. However, if you're a worrier, pick up the phone and call the supposed sender, using a number you already have or one from the institution's own website, not one given in the email. That's safe!
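Item 5 above (links that don't match the sender) is something a mail filter can check mechanically. The following is an added example, not code from the original post: it parses a constructed HTML email and flags each link whose visible text names a different site than its real destination, whose destination is a bare IP address, or whose domain does not match the From: domain. The sample addresses and domains are made up for the illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample (not from the original post): the visible link text names
# the bank, the href points at a bare IP, and the From: domain imitates the bank.
SAMPLE_EMAIL = """\
From: "Account Services" <alerts@examplebank-secure-login.com>
To: customer@example.net
Subject: Urgent: verify your account within 24 hours
Content-Type: text/html

<html><body>
<p>Your account will be suspended unless you act now:
<a href="http://198.51.100.23/verify">https://www.examplebank.com/login</a></p>
<p>Help: <a href="https://www.examplebank.com/help">examplebank.com/help</a></p>
</body></html>
"""

ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE_RE = re.compile(r'(?:https?://)?([\w.-]+\.[a-z]{2,})(?:/\S*)?$', re.I)
IPV4_RE = re.compile(r'\d{1,3}(?:\.\d{1,3}){3}$')

def registrable_domain(host):
    """Crude 'last two labels' view of a host; enough for this illustration."""
    parts = host.lower().rstrip('.').split('.')
    return '.'.join(parts[-2:]) if len(parts) >= 2 else host.lower()

def suspicious_links(raw_message):
    """Return (href, visible_text, [reasons]) for each link that misleads the reader."""
    msg = message_from_string(raw_message)
    sender = re.search(r'@([\w.-]+)', msg.get('From', ''))
    sender_dom = registrable_domain(sender.group(1)) if sender else ''
    findings = []
    for href, text in ANCHOR_RE.findall(msg.get_payload()):
        target = urlparse(href).hostname or ''
        text = re.sub(r'<[^>]+>', '', text).strip()   # strip nested tags from link text
        shown = HOSTLIKE_RE.match(text)                 # does the visible text look like a URL?
        reasons = []
        if shown and registrable_domain(shown.group(1)) != registrable_domain(target):
            reasons.append('visible text names a different site than the href')
        if IPV4_RE.match(target):
            reasons.append('link points at a bare IP address')
        if sender_dom and registrable_domain(target) != sender_dom:
            reasons.append('link domain does not match sender domain')
        if reasons:
            findings.append((href, text, reasons))
    return findings
```

Running `suspicious_links(SAMPLE_EMAIL)` flags both links: the first on all three counts, the second only because the sender's look-alike domain does not match the bank's.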

All legitimate internet businesses are concerned about phishing; it makes the internet less trustworthy for all of us. Google has performed an excellent service with this exercise in spotting phishing emails. Use the link provided and give it a try!

https://phishingquiz.withgoogle.com/

Don't worry about being embarrassed by naivete. I missed a rather humiliating number of the 10-item quiz and Google was very nice about it!

Take the quiz and stay safe!
