Phishing is still a thing!
With all the headlines about "company A got hacked" or "college B had a breach", it is easy to overlook the fact that many breaches begin with a successful phishing attempt.
A phish is when bad actors send you a message, whether through email, instant message, or otherwise, that appears to be legitimate but is actually tricking you into taking an action that is against your own best interest. These messages will often spoof the most popular brands that many or most people use such as Amazon, Netflix, Google, Microsoft, and others but may also attempt to spoof you, your friends, classmates, or co-workers in an attempt to leverage the trust they have.
Spotting a phish can sometimes be very easy but is often very difficult. Bad actors have been at this a long time and have taken steps to perfect their craft. It is for this reason we must be extra vigilant and question every message we get, especially if it is unexpected, is asking us to do something, sounds urgent, or has an attachment.
All but the most expertly-crafted phishing emails have a "tell".
Here are some ways to identify a phishing message: