Can You Spot When You’re Being Phished?

Identifying phishing can be harder than you think. Phishing is an attempt to trick you into giving up your personal information by pretending to be someone you know. Phishing attacks “cost organizations $4.5 billion every year and over half of internet users get at least one phishing email per day,” according to Dell EMC.[1]

Tips to Identify Phishing:

  • Even if you recognize the display name (for example, the email is from your bank) and there is a generic salutation like “Dear Trusted Customer” instead of “Dear [your first name],” request that your institution verify the email was indeed from them.
  • Poor grammar in the body of any email is a red flag as are spelling mistakes.
  • Hover your mouse over any hotlinks in the email. If the link address has any type of spelling mistakes, highly likely the email is phishing.
  • Understand that the financial and insurance institutions you do business with will never ask for your credentials.
  • Don’t click on attachments. Take the extra minute or two to verify the information in the attachments.

What You Can Do:

  • If there is an opportunity for you to activate two-factor authorization, do so. Two-factor, also known as 2FA, is a method of confirming users’ claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.[2] If this feature is enabled, that is your best bet against phishing. Even if someone steals your password they won’t be able to access your account.
  • Check out Jigsaw, a Google offshoot, owned by Alphabet. Jigsaw is trying to teach the public on how to be more cautious. They recently released an online quiz that displays examples of phishing emails side by side with legitimate ones and asks users to guess which is which. The quiz was created based on security training from journalists, activists and political leaders around the world. You can take the quiz by clicking

Phishing is a cybercrime. If you have been targeted, contact your identity theft resolution provider as soon as possible. Your personally identifiable information (PII) should be yours and yours alone.