Phishing and How To Not Take the Bait

Welcome back for Week 3 of Cybersecurity Awareness Month 2023. This week, we’re talking about how to resist phishing attacks. Special thanks again to CISA and to KnowBe4 for the resources for this series. Catch up on Week 1 and Week 2 if you missed them!

So, What’s Phishing?

Phishing occurs when criminals try to get us to open harmful links, emails or attachments that could request our personal information or infect our devices. Phishing “bait” usually comes in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get us to respond.

Stay Safe with Three Simple Tips

1. Recognize
Look for these common signs:
• Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately
• Requests to send personal and financial information
• Untrusted shortened URLs
• Incorrect email addresses or links, like amazan.com
👉 A common sign used to be poor grammar or misspellings, but in the era of artificial intelligence (AI), some emails will now have perfect grammar and spelling. Be sure to look out for the other signs.

2. Resist
If you suspect phishing:
• Resist the temptation to click on links or attachments that seem too good to be true and may be trying to access your personal information.
• Report the phish to protect yourself and others.
👉 Typically, you’ll find options to report near the person’s email address or username. You can also report via the “report spam” button in the toolbar or settings.

3. Delete
Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link.
👉 Just delete.

If a message looks suspicious, it’s probably phishing. However, if you think it could be real, don’t click on any link or call any number in the message. Look up another way to contact the company or person directly:
• Search for the company’s website in your web browser and capture their contact information from the verified website.
• Use another way to reach the person to confirm whether they contacted you. For example, if you get a strange message from your friend on Facebook, and you have their phone number, text or call them to ask if they sent the message.

🧐 Want to see phishing in action?
1. Watch a hacker use social engineering to gain access to someone’s computer.
2. Take this interesting quiz and see if you can spot when you’re being phished (it’s tough!).

Most of all, remember 👇