Tools For Learning How to Spot Phishing Attacks

By Bill Ford, Data Doctors

Bill-Ford-(Data-Doctors)

 

Despite all the sophisticated methods used to prevent hackers from breaking into our personal accounts, they can all be bypassed if someone  can trick you into giving up sensitive information. Far and away, the method of choice for compromising users is through sophisticated phishing messages in email, via text messaging, and through social media accounts.

An International coalition known as the Anti-Phishing Working Group (APWG – https://bit.ly/3UbBxaF) observed 1.097,811 phishing attacks in the second quarter of 2022, which is the highest number that they have ever seen. 

Social media threats grew at the fastest rate with a nearly 50% increase from Q1 to Q2 of 2022.  This trend is expected to grow because of the simplicity of launching widespread phishing attacks and frankly, because it works so well when it comes to compromising users around the world.

Learning how to spot the obvious signs that something is ‘phishy’ is a skill that everyone should be working to develop as the sophistication level continues to increase.

 

Common Signs of Phishing
Just about everyone knows that a file attachment in an email message should be considered suspicious, but scammers have resorted to tricks that overcome this suspicion.  A corporate logo, a sense of urgency, and fear are just a few ways that scammers get you to let your guard down.

As a general rule, every file attachment from anyone including those that you know should always be considered ‘guilty until proven innocent’ and should never be opened or downloaded.

If it’s someone you know call, text, or send a separate email to them asking about the file to confirm that it’s valid.

If you receive any file attachment that appears to be from any major delivery service such as FedEx, USPS, UPS or DHL, they are all scams as none of those services will ever send you a file attachment.

Poor grammar, strange greetings and misspelled or strange words are usually a tip-off that someone that doesn’t speak English generated the message and is most likely a phishing scam.

The two biggest tip-offs of a clear scam are the email address that is used as the sender and the URL of any links that are contained in the message.  These are also the most difficult to decipher for those that aren’t very tech-savvy.

Oftentimes, the scammers will use a legitimate web address at the beginning of the web address, but if you continue to inspect the rest of the link, it leads to a completely different website. 

Another red flag is any message that asks you to verify any kind of information or tells you that you need to reset your password.  If you suspect that something is legitimate, manually go to that company’s website and sign into your account.  If the warning is legitimate, it will show up in your account notifications.

 

Online Phishing Quizzes
One of the best ways to help anyone learn how to spot these increasingly more sophisticated phishing tactics is through the many online phishing quizzes:

Federal Trade Commission: https://bit.ly/3ztBwa6
Google: https://bit.ly/3zq90pU
OpenDNS: https://bit.ly/3zqfPaP
SonicWall: https://bit.ly/3zq8VCt
PhishingBox: https://bit.ly/3NoFcja
NexusTek: https://bit.ly/3sIwcMi
ESET (video): https://bit.ly/3U5qXlb