How to avoid getting “hooked” by a phishing scam

According to the CAFC $310 million dollars was reported lost to investment fraud in 2024, many of this is due to phishing schemes.¹ To keep yourself, your family, and your assets safe from phishing scams, it’s important to understand what they are and how to spot them so you can avoid getting “hooked.” This article outlines the basics you need to know.

Hackers often use phishing emails or text messages to try and get you to perform a specific task, such as clicking on a malicious link, opening a malware-infected attachment, or providing sensitive personal information or login credentials. Socially engineered phishing emails and texts are the most dangerous, because they often look like the real thing, posing as a company you know and trust. 

While bad actors can be clever, there are often ways to spot a phishing email or text, if you pause and look closely. They may:

• Threaten negative action unless you do something NOW. Phishing emails and texts are designed to make you panic by claiming your account will be closed or has been compromised – and the only way to make it right is to perform the action (click the link, open the attachment, or enter your information) right now. Any time an email or text makes a threat or demands urgent action, you should be suspicious. Banks and other legitimate businesses will never send emails or texts like that.
• Ask you to confirm personal information, login credentials, or sensitive data. Although they may look authentic, phishing emails and texts will ask for information that banks and other legitimate businesses would never ask you to provide, such as personal information, banking details, or login credentials.
  
• Sound unprofessional. May include poor grammar, spelling mistakes, or unusual greetings. Phishing emails and texts may be poorly written, including grammar that isn’t quite right, spelling mistakes, or language that just doesn’t sound professional. If it looks like it’s coming from a colleague or friend and starts with “Dear” or another formal greeting, you should also be suspicious.
• Have web and email addresses that don’t jive. One of the easiest ways to spot a phishing scheme is to look at the email address it’s coming from. If it doesn’t match the company or website that you’re familiar with, or it comes from an email address that is not obviously associated with the supposed sender, it is probably from a bad actor. You may need to look closely to see the difference.
• Include suspicious attachments or links. If you’re not expecting an email with an attachment or link from a company or person, you should always use caution, as it could be malicious. Even if you think it’s legitimate, take the time to scan it using antivirus software.
• Sound too good to be true. Some phishing emails will try to incentivize you into clicking on a link or attachment to collect a “reward” of some kind. If it sounds too good to be true, it probably is.
• Play on your emotions around a recent world event. Bad actors are also very good at using local or world events to trigger emotions and get people to take action. For example, they might send an email claiming to know the cure for COVID-19 or asking for donations to a local town devastated by wildfires. These may seem authentic, but you’ll need to look closely to make sure.

Congratulations, you’re “o-phish-ally” schooled in tips and tricks to help spot phishing schemes. Continue to be diligent, question what seems off and, back up your data regularly (and then again after that)!