Phishing attacks continue to remain one of the biggest cyber threats, targeting both individuals and businesses alike. According to the U.S. Army Reserve, 3.4 billion phishing emails are sent daily around the globe. These phishing attacks can lead to data breaches, ransomware infections, identity theft, and more. The first step in protecting yourself from a phishing scam is learning to spot the warning signs.

What is Phishing?

Phishing is a cyberattack that attempts to gain access to your money or your personal information, primarily carried out via email. These scammers may pretend to be reputable companies, friends, coworkers, or other trusted individuals, when in fact, they are fake accounts sending emails that may contain malicious links or attachments.

What to Look Out For

Imagine you are scrolling through your email inbox and come across a message that appears to be from a shipping company. The email claims that the company was unable to deliver a package to you, and for you to receive the shipment, you must click a link to verify your information immediately.

The contents of this message should send off warning signals in your mind.

As scammers increasingly use artificial intelligence to craft emails, traditional warning signs like spelling mistakes, poor grammar, and formatting issues are less common. Instead, be alert for these red flags that may indicate a phishing attempt:

1. Suspicious sender addresses – Review the sender’s address to see if it matches the email address typically used by this individual or company. Scammers will make small domain name changes in the hope that you will not recognize the difference.
2. Requests sensitive information – One goal of a phishing email is to gain access to your information and/or devices. Real companies will not ask for sensitive information including Social Security numbers, passwords, or credit card numbers by email or phone.
3. Urgent language – In an attempt to trick an individual into believing the fake email, the scammer will urge you to act quickly, hoping you won’t think through the warning signs of the communication. If an email urges you to act immediately, take a moment to examine it because it is likely a scam.
4. Unexpected attachments or links – The quickest way for these scammers to obtain your information or gain access to your device is by convincing you to open an attached file or click on a link. Clicking the link or attachment may unleash a virus on your device, giving the scammer remote access to steal your personal information. Avoid opening or downloading unexpected files and clicking on links without investigating them. If you are suspicious of it, err on the side of caution by not clicking it. Instead, use a trusted form of communication to reach the person and confirm whether the message is legitimate.
5. Generic wording – Because the individuals behind phishing scams do not have your personal information, they tend to use very generic wording such as “Valued Customer” when addressing you instead of your name. If the message seems overly vague, this could be a sign that it is a phishing attack.

How to Report Phishing

If you believe that you have received a phishing email, you should report it immediately.

1. Report it to the Federal Trade Commission at https://reportfraud.ftc.gov/.
2. Delete the email.

If you receive a phishing email at work, review your company’s IT policy for phishing reporting.