Fraudsters and cybercriminals are clever manipulators of human behavior. Using email, text, social media, and even video games as a method through “phishing” remains a timeless tactic by thieves hunting for potential victims. Phishing is designed to steal personal information directly, or by getting the victim to click on an embedded link or attachment.
National Institute of Standards and Technology (NIST) defines “phishing” as a technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a website, in which the perpetrator masquerades as a legitimate business or reputable person. Also, as using social engineering techniques to trick users into accessing a fake website and divulging personal information.
According to the IRS, Here are some red flags for which to watch out:
Grammatical oddities - Poorly written emails with unusual word choices are a serious red flag.
Suspicious requests - Always be wary of any unusual requests or sharing information before verifying the sender's legitimacy.
Spoofed emails - Scammers can mimic previous customer emails, making them appear genuine. Don't be fooled – verify the sender's address independently.
From Microsoft here are some ways to recognize a phishing email:
Urgent call to action or threats - Be suspicious of emails and messages that claim you must click, call, or open an attachment immediately. Often, they'll claim you have to act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams.
First time, infrequent senders, or senders marked [External] - While it's not unusual to receive an email from someone for the first time slow down and take extra care at these times. Take a moment to examine it extra carefully using some of the measures below.
Spelling and bad grammar - If an email message has obvious spelling or grammatical errors, it might be a scam.
Generic greetings - An organization that works with you should know your name and these days it's easy to personalize an email. If the email starts with a generic "Dear sir or madam" that's a warning sign.
Mismatched email domains - If the email claims to be from a reputable company, like Microsoft or your bank, but the email is being sent from another email domain like Gmail.com, or microsoftsupport.ru it's probably a scam. Also be watchful for very subtle misspellings of the legitimate domain name. Like micros0ft.com where the second "o" has been replaced by a 0, or rnicrosoft.com, where the "m" has been replaced by an "r" and a "n". These are common tricks of scammers.
Suspicious links or unexpected attachments - If you suspect that an email message, or a message in Teams is a scam, don't open any links or attachments that you see. Instead, hover your mouse over, but don't click the link. Look at the address that pops up when you hover over the link. Ask yourself if that address matches the link that was typed in the message.
IRS suggest to always require strong passwords. A strong password is at least 12 characters that are a mix of numbers, symbols and capital and lowercase letters. Never reuse passwords and do not share them on a phone, in texts or by email. Limit the number of unsuccessful log-in attempts to limit password-guessing attacks
Remember, it’s always better to be cautious than compromised.
View Cybersecurity Basics from the Federal Trade Commission:
NIST glossary for Phishing:
Read more on Protect yourself from phishing from Microsoft:
Read more from the IRS here:
Comments