Hook, Line, and Scammer: What Is Phishing—and How to Spot It

Imagine a calm, breezy riverbank, with a cooler full of bait and cold drinks. That’s fishing at its finest. 

Phishing with a ph, on the other hand, is a term used to refer to the tricks cybercriminals use in messages, emails, and other communications to get people to reveal personal information. 

It’s an extremely common and dangerous type of cyber attack. 

Fortunately, Stratti can help you and your employees learn to spot phishing attempts. 

Cybercriminals might send texts or emails, make phone calls, or even send letters to get sensitive or financial information out of their target. They might be looking for credit card and social security numbers, or even trying to get you to buy gift cards or fake insurance schemes. Phishers often pose as reputable businesses or people so you trust them more readily. 

Often those with minimal digital experience, like the elderly, are more vulnerable, but anyone can fall victim to a phishing scheme, even with a click of a link. 

And unfortunately, phishing schemes are not only getting more common—they’re getting harder to spot. 

One of the most frequent attack vectors for phishing scams is email. Phishers can pose as businesses and websites you would usually trust, and design their emails to look like they’re coming from authoritative and credible people. Often embedded links will lead innocent users to fraudulent websites, or force a download containing malware or other unwelcome material. 

Avoiding these emails is tough. Here are some quick top tips for your team:

  1. Examine the sender’s email address: Phishing emails often use deceptive email addresses resembling legitimate ones but with slight variations. Check for misspellings or unusual characters.
  2. Pay attention to the message content: Phishing emails often create a sense of urgency or fear intended to prompt immediate action in you. Be cautious of emails demanding responses or threatening consequences for not complying (like something that looks like an email from your boss, telling you they need help or need you to go buy gift cards otherwise you’ll be fired!). Take a deep breath and remember to approach the email rationally.
  3. Hover over links before clicking: Avoid clicking links directly in emails if you’re unsure where they came from! As a preliminary check, you can hover your mouse cursor over the link to see the web address it leads to. If the link seems suspicious or doesn’t match the expected destination, do not click on it.
  4. Be cautious with attachments: Phishing emails may contain attachments that carry malware or viruses. Be wary of unexpected attachments, especially from unknown senders. When in doubt: don’t open it. 

It’s always better to err on the side of caution when it comes to protecting sensitive information. Wouldn’t you rather have to apologize to your coworker for not trusting their weird email, than apologize to the CEO for collapsing the e-commerce platform? 

The reality is phishing is getting more sophisticated, and the stakes are getting higher. 

Wondering what the fix is? 

It’s training. 

We need to be familiar with patterns, and a learned ability to discern.  Humans are the weakest link—we are often kind, empathetic people who want to help others, so we’re likely to fall for schemes that prod our kindness. The only way to protect ourselves is through ongoing education, especially as AI-driven technology makes us even more vulnerable. 

Ready to protect your employees and your business? Check out some options or call us at (530) 342-8999.