How To Spot A Phishing Attempt

What is it and what to look for

Photo by Fernando Arcos from Pexels

Phishing, the crime which tricks victims into giving away personal details that can be used for identity theft, is on the rise in North America. Police, Internet security, and consumer groups in both the US and Canada have issued public warnings about the alarming increase in fake emails, phone calls, and SMS texts that pretend to be from legitimate sources.

Cyberattacks come in different forms


Often, emails and text contain a link that seems genuine. When clicked upon, it takes users to fake websites that look like the real thing.
Once victims have been convinced they’re dealing with a genuine organization, they are tricked into handing over their personal information. This includes sensitive information about bank and store accounts, usernames, sign-on logins, passwords, and email addresses.

The best defense is common sense


“Phishing is the simplest kind of cyberattack and, at the same time, the most dangerous and effective,” says leading online security firm Malwarebytes.

Recognizing a phishing attack isn’t always easy, the firm says, but following a few commonsense rules should help you identify most or all of them. Something’s phishy it adds, if:

  • The message is asking you to provide personal information, especially if it seems to come from a bank or tax authorities.
  • The website address (URL) shown in the message is not the same as the one that appears when you hover your mouse over it.
  • The message or website logos and design look similar but not quite right compared with what you’re used to.
  • The content of the message or the website is poorly written with misspellings and bad grammar.
  • The message strikes a note of urgency, calling for immediate action and threatening some trouble if you don’t give the requested info.
  • An email contains an attachment that you weren’t expecting, This may pretend to be an important document. If you didn’t ask for it, don’t click on the attachment.

Another red flag for a phishing attempt can be identified when an email isn’t addressed personally to you. According to another Internet security firm, Webroot, it may start off with something like “Dear Customer…” To avoid falling victim, Webroot recommends: Using your own link to investigate information requests. Go directly to the genuine website and check your account there. Use software that identifies malicious websites and emails. Keep your security software up-to-date. If you find you are the victim of a phishing scam, change all of your passwords immediately, it adds.