… and I do mean “Phishing” not “Fishing”.
As technology changes and there are multiple ways to interact with someone through the device held in the palm of their hand, phishing scams are becoming more and more common. They used to be a phone call on your landline stating a bill was past due, made to get your payment or personal information with a hurried string of false information designed to throw you off guard and imply a fake sense of urgency. Now it’s emails stating your account is being suspended, texts pretending to be wrong numbers, phone calls asking for bail money for a grandchild, or something as simple as a click-through link. These are ever-evolving ideas to get pieces of information, bank accounts, microtransactions, and access to your emails or passwords. It can be hard to keep up!
My work sends out phishing tests a few times a month, to teach us new ways to identify and report scams that come into our inboxes. If you unfortunately fall for one of them, you automatically get signed up for a 30-minute training session where you have to identify obvious and sometimes not-so-obvious ploys to gain access to your information. And if you repeatedly fall for them, you get one-on-one time with our IT department so they can walk you through it personally to hopefully sink the information in.
When I used AT&T for my cell phone plan I would always receive emails about promotions, billing, monthly statements, the normal communications I would expect from a phone company. But on one rare occasion I received an “urgent” email stating my services would be discontinued immediately due to a payment I never made. There was a link to click through to reach a payment option and a phone number I could call to pay via a customer service agent. Thankfully, it wasn’t my first phishing rodeo. I checked multiple pieces of data before even entertaining this idea of a missed payment when I had my bill set to autopay on a certain day each month. The email address the message was sent from did not match AT&T’s normal email threads, the clickable link redirected to a completely random URL, and the phone number, when Googled, led to countless blog posts about it being linked to fraud. All of these details made it abundantly clear that this email was designed to make me act out of fear of losing my access to my phone and internet. Making a payment on a contrasted website, or through a phone agent who would then have my credit card information and the ability to process a transaction that was unnecessary.
Most of us joke about the emails that land in our junk or spam folder claiming to be from a Nigerian Prince who speaks broken English and can’t gain access to his unlimited riches; we just have to commit wire fraud to help him out! But the sad truth is that those emails don’t always get filtered into a junk/spam folder, and they wind up in the inbox of someone not so savvy or up to date with the latest scams running rampant through the web. These people will unknowingly click the links or respond to these emails, leaking their own private information or granting access to their accounts or finances, thinking it is necessary or normal. And as these scams grow bolder and more constant, we have to check all the information before clicking anything.
Common things to look for are:
- Check the email address it was sent from. Does the domain match?
  - Examples: if an email claims to be from Amazon, the domain should be @amazon.com, but a phishing email could come from @aamazon.com, @amazin.com, or @a.amazon.com.
  - It is important to double-check that the email address is correct; otherwise it could have nefarious purposes.
- Read the email in its entirety. Are there major spelling errors or common grammatical errors that could mean English isn’t the person’s first language?
  - An email coming from a professional and well-established business will have been proofread and sent out on a large scale to a wide range of clientele, meaning they would try to avoid errors, as they look unprofessional.
- Is a logo being used within the email, or any imagery?
  - If you receive emails from a business, they will include its logo or standard imagery associated with the entity.
  - If the email doesn’t seem to match their usual design, it could be fake. Double-check their logo, sign-off, or links at the bottom.
- Links! Most emails contain clickable links that will redirect you to their website, but don’t automatically click them if you think this could be a scam email.
  - If using a computer, you can hover your cursor/mouse over a clickable link to display the link in its entirety. If that link doesn’t direct you to that company’s website and instead goes to an unknown domain, it is likely a phishing scam designed to deceive you in some way.
  - Often it will redirect you to a site asking you for sensitive information or payment information, or asking you to log into your account to access your password.
  - NEVER click a link if you can’t trust where it leads. Better to be safe than sorry.
8 Comments
Trey Anastasio · November 29, 2024 at 1:30 pm
Can confirm, great post.
katiepino · November 30, 2024 at 1:39 pm
I see what you did there, quite a phishy joke.
Jules · November 30, 2024 at 1:34 pm
These are some great tips. I recently had someone call on the phone trying to get me to pay a bill for a company I don’t even use! They’re getting bold.
katiepino · November 30, 2024 at 1:40 pm
Thankfully, our phone companies are getting better at filtering those phone calls for us. But it is still frustrating to constantly question every phone call or text message from an unknown number.
John · November 30, 2024 at 1:35 pm
Sometimes the emails they send look legit. It’s hard to tell the difference. Then they start asking for your social security number and things seem phishy.
katiepino · November 30, 2024 at 1:41 pm
Exactly! If they put the time into making them look like a real email it can be hard to tell. But when they start asking for information they should already have you can quickly determine what’s really happening.
Corey S. · November 30, 2024 at 1:38 pm
This is great, Katie! I’ve fallen for those phishing emails our work sends out. I always feel dumb, but I suppose it makes me look closer at emails going forward. Mostly so I don’t have to spend thirty minutes doing another training course.
katiepino · November 30, 2024 at 1:42 pm
Embarrassing! But I suppose we should be glad they just make us do a training.