Data Doctors: Spotting and avoiding phishing scams

Q: Are there any resources to help me teach my elderly parents how to spot phishing emails?

A: Despite all the sophisticated methods used to keep hackers out of our personal accounts, every one of them can be bypassed if a hacker tricks you into giving up sensitive information yourself.

Far and away, the method of choice for compromising users is sophisticated phishing messages sent by email, text message and social media.

An international coalition known as the Anti-Phishing Working Group observed 1,097,811 phishing attacks in the second quarter of 2022 — the most they’ve ever seen.

Social media threats grew at the fastest rate, with a nearly 50% increase from the first to second quarter of 2022.

This trend is expected to grow because of the simplicity of launching widespread phishing attacks — and frankly, because it works so well.

Learning how to spot the obvious signs that something is “phishy” is a skill that everyone should work to develop as the sophistication level continues to increase.

Common signs of phishing

Just about everyone knows that a file attachment in an email message should be considered suspicious, but scammers have resorted to tricks that overcome this suspicion.

A corporate logo, a sense of urgency and just plain fear are a few ways that scammers get you to let your guard down.

As a general rule, every file attachment from anyone, including people you know, should always be considered “guilty until proven innocent,” and should never be opened or downloaded.

If the email comes from someone you know, call, text or send a separate email to them asking about the file to confirm that it’s valid.

Any file attachment that appears to come from a major delivery service, such as FedEx, USPS, UPS or DHL, is a scam. None of those services will ever send you a file attachment.

Poor grammar, strange greetings and misspelled or strange words are usually a tipoff that someone who doesn’t speak English generated the message, and it’s most likely a phishing scam.

The two biggest tipoffs of a clear scam are the email address that is used as the sender and the URL of any links contained in the message. These are also the most difficult to decipher for those who aren’t very tech-savvy.

Scammers will often put a legitimate web address at the beginning of a link, but if you continue to inspect the rest of the link, it leads to a completely different website.
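The link check described above, written out as a short Python example (added here, not part of the original column): it pulls out the site a link really goes to and flags a trusted name that shows up only before an "@", inside a longer site name, or later in the link. The trusted list and the `.example` links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the reader really does business with (here, the delivery
# services the article names). Extend the tuple for your own accounts.
TRUSTED = ("fedex.com", "usps.com", "ups.com", "dhl.com")

def belongs_to(host, domain):
    """True only when host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def inspect_link(url, trusted=TRUSTED):
    """Return (real_host, verdict) for one link copied from a message."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "", "suspicious: no website name in the link"
    if any(belongs_to(host, d) for d in trusted):
        return host, "ok: link really goes to a trusted site"
    # Everything before '@' is login text; the site is what follows it.
    userinfo = parts.netloc.rpartition("@")[0].lower()
    rest = (parts.path + "?" + parts.query).lower()
    for d in trusted:
        if d in userinfo:
            return host, f"suspicious: {d} appears before '@', real site is {host}"
        if d in host:  # broad substring match on purpose
            return host, f"suspicious: {d} appears inside the longer name {host}"
        if d in rest:
            return host, f"suspicious: {d} appears after the real site {host}"
    return host, "unknown: not on the trusted list"

# Constructed sample links; the .example hosts are placeholders.
SAMPLES = [
    "https://www.fedex.com/en-us/tracking.html",
    "https://fedex.com@parcel-check.example/track",
    "https://fedex.com.parcel-check.example/track",
    "https://parcel-check.example/fedex.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", inspect_link(link))
```

Only the first sample is reported as going to a trusted site; the other three start with or contain a familiar name but resolve to a different host.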

Any message that asks you to verify any kind of information, or tells you that you need to reset your password, is another red flag. If you suspect that something is legitimate, manually go to that company’s website and sign into your account. If the warning is legitimate, it will show up in your account notifications.

Online phishing quizzes

One of the best ways to help anyone learn how to spot these increasingly sophisticated phishing tactics is through the many online phishing quizzes:

Rick Massimo

Rick Massimo came to WTOP, and to Washington, in 2013 after having lived in Providence, R.I., since he was a child. He's the author of "A Walking Tour of the Georgetown Set" and "I Got a Song: A History of the Newport Folk Festival."
