By Ben Warriner
This is Part 1 of a 4-part series on cybersecurity. Today, we’re covering phishing—what it is and how to spot it. Stay tuned for more!
Phishing, what is it?
Put simply, phishing is an online scam where bad actors send emails to collect information.
Does phishing only occur with emails?
No. While phishing is most common over email, phishers also use phone calls, text messages, and even web searches to obtain sensitive information.
What is the Difference Between Spam and Phishing?
Spam emails are unsolicited junk messages with irrelevant or commercial content. They may advertise quick money schemes, illegal offers, or fake discounts. Phishing is a more targeted (and usually better disguised) attempt to obtain sensitive data by duping victims into voluntarily giving up account information and credentials.
Why should you care about phishing emails?
A successful phishing attack can have profound consequences. This might look like stolen money, fraudulent charges on credit cards, lost access to photos, videos, and files—even cybercriminals impersonating you and putting others at risk. At work, risks to your employer could include loss of corporate funds, exposure of customers’ and coworkers’ personal information, sensitive files being stolen or being made inaccessible, not to mention damage to your company’s reputation. In many cases, the damage can be irreparable.
How Do You Identify Phishing Scams?
The primary goal of any phishing scam is to steal sensitive information and credentials. Be wary of any message (by phone, email, or text) that asks for sensitive data or asks you to prove your identity. Attackers work hard to imitate familiar entities and will use the same logos, designs, and interfaces as brands or individuals you are already familiar with. Stay vigilant and don’t click a link or open an attachment unless you are certain the message is legitimate.
Here are tips for recognizing a phishing email:
- Urgent threats or calls to action (for example: “Open immediately”).
- New or infrequent senders—anyone emailing you for the first time.
- Poor spelling and grammar (often due to awkward foreign translations).
- Suspicious links or attachments, such as hyperlinked text that leads to a different IP address or domain than the one shown.
- Subtle misspellings (for example, “micros0ft.com” or “rnicrosoft.com”).
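The last two tips can be checked automatically. The following is an added example, not code from the original article: it reads the links in an HTML email body and flags numeric IP destinations, lookalike domains, and link text that shows a different domain than the real destination. The `TRUSTED` set, the character swaps, all function names and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"microsoft.com"}  # assumption: domains the recipient really uses
SWAPS = (("rn", "m"), ("0", "o"), ("1", "l"))  # swaps like the article's examples
SAMPLE = (  # constructed email body, not a real message
    '<a href="https://account.micros0ft.com/verify">Open immediately</a>'
    '<a href="http://192.0.2.10/login">www.microsoft.com</a>'
    '<a href="https://www.microsoft.com/security">microsoft.com</a>'
)

def skeleton(domain):  # undo look-alike swaps so spoofed names collapse together
    for fake, real in SWAPS:
        domain = domain.replace(fake, real)
    return domain

def registrable(host):  # naive last two labels; real tools use the Public Suffix List
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip().lower()))
            self._href = None

def check_links(html):  # returns (href, reason) findings for one HTML body
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        domain = registrable(host)
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text)
        if re.fullmatch(r"[\d.]+", host) or ":" in host:  # IPv4 or IPv6 literal
            findings.append((href, "numeric IP address instead of a name"))
        elif domain not in TRUSTED and skeleton(domain) in map(skeleton, TRUSTED):
            findings.append((href, "lookalike of a trusted domain"))
        if host and shown and registrable(shown.group(0)) != domain:
            findings.append((href, "text shows " + shown.group(0)))
    return findings
```

Calling `check_links(SAMPLE)` reports the first two links and leaves the genuine third link alone.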
In Part 2 we’re going to cover the various types of phishing emails you need to be aware of.
Ben Warriner is a Network Security Specialist for Region 7 ESC and has been a Certified Information Security Manager® (CISM®) since 2019. He has worked at the ESC since 2009 and has been working on the cybersecurity of the ESC since 2014.