I want to be a real bass phisherman…

Given our recent spate of phishing emails, I thought I would take a few moments to talk about the wonderful sport of phishing.

Well, not that kind of fishing. I am referring to phishing: a concerted effort by an attacker to trick you into handing over some type of information so they can do bad things. Bad things like take your money, steal your identity, break into your college accounts, take student information, and steal your puppy.

Just kidding about that last part, they probably will not steal your puppy. That being said, phishing is bad news. That’s why I am going to offer some quick tips on how to spot a phishing email.

  1. It just doesn’t look right: Too good to be true? I know that someone in Nigeria wants to send you money, but they already sent it to me. Trust your instincts.
  2. Generic salutations: Phishing emails use generic salutations like “Dear customer”. This saves the criminals time. I recently received an email directed to “Dear null”, so it appears someone had a hard time with their programming (note: geek humor).
  3. Links to official looking sites: These sites are spoofed to look like your bank, for example. Hover over the link before you click so you can see where it really goes, and take a good look at the address bar once you land. It will not be the official banking site.
  4. Unexpected specific emails: Phishers use social media sites like LinkedIn to insert specific details about you (your employer, your title, a colleague’s name) to make you more likely to take the bait. If you do not recognize the sender, it is probably phishing.
  5. Scary phrases: YOUR ACCOUNT HAS BEEN HACKED!!!! PLEASE LOG IN IMMEDIATELY AND CHANGE YOUR PASSWORD!!! Do not react to this; it is a tactic to get you to willingly give up your credentials.
  6. Poor grammar and spelling: Phishing emails are often poorly constructed, and odd grammar and spelling are a dead giveaway. (The reverse is not true, though: a well-written email can still be a phish.)
  7. Sense of urgency: Like the scary phrases, the phishers try to get you to act quickly, without thinking, by saying things like “your credit card will be charged unless you contact us immediately” or similar.
  8. Grand Prize Winner!!!!: This is an immediate giveaway. The same goes for a “survey” that promises a reward once you finish it. Do not take the bait.
  9. Verify your account: Phishers want you to log into something and give away your credentials. Always question why you would need to verify an account, and if you think you really do, type the site’s address yourself rather than clicking the link in the email.
  10. Cybersquatting (look-alike domains): Attackers register domains that are similar to real sites to get you to unknowingly enter your information (think g00gle.com versus google.com, or a real brand name stuck in front of a domain the attacker owns). Always look at the whole address, especially the part right before the first single slash, to make sure you are where you want to be.
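The tips above are heuristics, and heuristics can be turned into code. The script below is an added example, not something from this post or from Sophos: it takes a raw email, runs the salutation, urgency, prize, and “verify your account” checks as regular expressions over the body, pulls every link out of the HTML, and flags two things a reader hovering over a link would catch: link text that shows one site while the href goes to another, and look-alike domains (digit-for-letter swaps such as g00gle.com, or a real brand name used as a subdomain of a domain the attacker controls). The brand list, the sample messages, the scoring weights and the last-two-labels domain rule are all assumptions made for the demonstration; a production filter would use the Public Suffix List and far more signals than this.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brand domains we want to protect (assumed list for the example).
KNOWN_BRANDS = {"google.com", "paypal.com", "examplebank.com"}

# Phrase checks taken from the tips: generic salutation, scary/urgent
# wording, prize bait and "verify your account" requests.
PATTERNS = {
    "generic salutation": re.compile(
        r"\bdear\s+(customer|user|member|null|account\s+holder)\b", re.I),
    "urgency/scare wording": re.compile(
        r"(immediately|within\s+\d+\s+hours?|has\s+been\s+(hacked|suspended|locked)"
        r"|will\s+be\s+charged)", re.I),
    "prize bait": re.compile(r"(grand\s+prize|you\s+have\s+won|claim\s+your\s+reward)", re.I),
    "verify-your-account request": re.compile(
        r"verify\s+your\s+(account|identity|details)", re.I),
}

# Digits commonly swapped for letters in look-alike domains (g00gle -> google).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs so we can compare what the reader
    sees with where the link actually goes."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude last-two-labels rule (assumption: good enough for the brand
    list above; real code should use the Public Suffix List)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def lookalike_of(host):
    """Return the brand a host imitates, or None if it is the real site or
    unrelated. Catches digit swaps (g00gle.com) and brand-as-subdomain
    tricks (paypal.com.login-check.example)."""
    host = host.lower()
    reg = registrable_domain(host)
    if reg in KNOWN_BRANDS:
        return None
    for brand in KNOWN_BRANDS:
        if reg.translate(HOMOGLYPHS) == brand or brand in host:
            return brand
    return None


def host_of(text):
    """Hostname from a URL or bare domain in link text; '' if none."""
    parsed = urlparse(text if "://" in text else "http://" + text)
    return (parsed.hostname or "").lower()


def score_email(raw):
    """Score a raw single-part message; returns (score, [reasons]).
    One point per reason; higher means more suspicious."""
    msg = message_from_string(raw)
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    reasons = [label for label, pat in PATTERNS.items() if pat.search(body)]
    parser = LinkExtractor()
    parser.feed(body)
    for href, text in parser.links:
        target = host_of(href)
        brand = lookalike_of(target)
        if brand:
            reasons.append(f"link to look-alike of {brand}: {target}")
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and registrable_domain(shown) != registrable_domain(target):
            reasons.append(f"link text says {shown} but goes to {target}")
    return len(reasons), reasons


# Constructed sample messages (not real emails) exercising the checks.
SAMPLE_PHISH = """\
From: "Example Bank Security" <alerts@examplebank-secure.example>
To: you@college.example
Subject: YOUR ACCOUNT HAS BEEN HACKED
Content-Type: text/html; charset=utf-8

<p>Dear customer,</p>
<p>Your account has been hacked. Please log in immediately and
verify your account at
<a href="http://examp1ebank.com/login">https://www.examplebank.com/login</a>
or you will be charged.</p>
"""

SAMPLE_OK = """\
From: registrar@college.example
To: you@college.example
Subject: Fall schedule posted
Content-Type: text/html; charset=utf-8

<p>Hi Sam,</p>
<p>Your fall schedule is up; the campus map is on
<a href="https://www.google.com/maps">google.com</a> if you need it.</p>
"""

if __name__ == "__main__":
    for sample in (SAMPLE_PHISH, SAMPLE_OK):
        print(score_email(sample))
```

Run it and the first message scores 5 (generic salutation, urgency, verify request, a look-alike of examplebank.com, and link text that disagrees with the href) while the second scores 0. The point is not the number but that every reason printed maps directly to one of the tips, which is exactly the mental checklist you should run by hand.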


Remember to always check with your friendly IT staff if you have a suspicion something is wrong. Also, check out the Sophos phishing site, which gives you a lot more info about phishing as well as a handy flowchart you can use to help identify phishing emails: https://www.sophos.com/en-us/lp/anti-phishing/prevention.aspx

*All GIFs provided by Giphy