What is Phishing?
Phishing is a cybercrime where scammers pose as legitimate institutions in an attempt to trick you into revealing personal information. Typically, these are emails that appear to come from trustworthy sources like your bank, a government agency, or even a familiar retailer.
Red Flags in Phishing Emails
Misspelled Domains or Email Addresses
Always look at the domain name of the sender. Phishers often use slight misspellings or extra characters to make their email address seem genuine. For example, an email might come from 'info@amazzon.com' instead of 'info@amazon.com'.
Urgent or Threatening Language
Phishing emails often create a sense of urgency or panic to prompt quick action without thinking. Phrases like "Your account will be suspended," or "Immediate action required," are red flags.
Hyperlinks and Attachments
Be cautious with emails that ask you to click on a link or download an attachment, especially if you did not expect to receive them. Hover your cursor over the hyperlink to see the destination URL. If it looks suspicious, do not click it.
Generic Greetings
Most legitimate businesses will address you by your full name. Phishing emails commonly use vague greetings like “Dear Customer” or “Account Holder.”
Unusual Sender
Sometimes phishing emails will come from addresses that you recognise but that are not typical for the entity to use for communication. Always double-check the sender's email address.
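The red flags above can also be checked mechanically. The following is an added example, not part of the original article: it scans a single-part plain-text message for a lookalike sender domain, lookalike link hosts, and the urgent phrases and generic greetings quoted above. The trusted-domain list, function names and sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed for this example: a small trusted list; the phrases are the ones
# quoted in the article. A real deployment would maintain its own lists.
TRUSTED = ("amazon.com", "paypal.com")
URGENT = ("your account will be suspended", "immediate action required")
GENERIC = ("dear customer", "account holder")

def edit_distance(a, b):
    """Levenshtein distance, computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def lookalike(domain):
    """Return the trusted domain this one nearly matches, or None."""
    # Simplification: compare only the last two labels (ignores e.g. co.uk).
    base = ".".join(domain.lower().rstrip(".").split(".")[-2:])
    # Distance 0 is the genuine domain; 1-2 edits is a near miss.
    return next((t for t in TRUSTED if 0 < edit_distance(base, t) <= 2), None)

def red_flags(raw):
    """List the red flags found in a raw single-part text email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = (msg.get("Subject", "") + "\n" + body).lower()
    flags = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    hosts = [urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s\"'<>]+", body)]
    for label, name in [("sender domain", sender_domain)] + [("link host", h) for h in hosts]:
        hit = lookalike(name)
        if hit:
            flags.append(f"{label} {name} imitates {hit}")
    flags += [f"urgent phrase: {p}" for p in URGENT if p in text]
    flags += [f"generic greeting: {p}" for p in GENERIC if p in text]
    return flags

# Constructed sample message, not a real email.
SAMPLE = """\
From: Amazon Support <info@amazzon.com>
Subject: Immediate action required

Dear Customer,
Your account will be suspended. Sign in at http://www.amazzon.com/verify today.
"""
```

A flag here is a prompt to verify the message through the steps below, not proof of phishing; short domains can sit within two edits of each other by coincidence.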
Steps to Verify
Contact the Company Directly
If you're unsure about an email, contact the company directly using verified methods such as their official website or customer service number.
Check for Previous Correspondence
Look at past emails from the institution and compare them to the questionable one. Check for consistency in branding, tone, and type of information requested.
Use Web Search
Sometimes a quick web search for the email subject line or a sentence from the body, using a trusted search engine, can reveal whether it is part of a known phishing campaign.
What to Do If You've Been Phished
Change Passwords
If you clicked on a phishing link and provided sensitive information, change all your passwords immediately. Make sure to update passwords for sites that share login information with the compromised account.
Monitor Financial Accounts
Check your bank and credit card statements for unauthorised transactions and report any discrepancies right away. Consider signing up for a credit report from a credit reference agency so that you can monitor whether anyone has taken, or attempted to take, credit in your name.
Report It
Forward phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org. You can also report phishing to the Federal Trade Commission (FTC) at ftc.gov/complaint.
Use Two-Factor Authentication
As an added layer of security, use two-factor authentication (2FA) wherever possible. This can prevent unauthorised access even if your password gets compromised.
Phishing is a growing threat in the digital landscape, but you can protect yourself by being vigilant. Learning to recognize the signs of phishing emails is the first step in ensuring that you don't get hooked. Teach these practices to family and friends—especially those less tech-savvy—to make the digital community a safer place for everyone. Remember, when it comes to phishing, it's always better to be skeptical than regretful.