Phishing is still a thing!
With all the headlines about "company A got hacked" or "college B had a breach", it is easy to overlook the fact that many breaches begin with a successful phishing attempt.
A phish is when bad actors send you a message, whether through email, instant message, or otherwise, that appears to be legitimate but is actually tricking you into taking an action that is against your own best interest. These messages will often spoof the most popular brands that many or most people use such as Amazon, Netflix, Google, Microsoft, and others but may also attempt to spoof you, your friends, classmates, or co-workers in an attempt to leverage the trust they have.
Spotting a phish can sometimes be very easy but is often very difficult. Stay vigilant against phishing attempts involving AI: Remember, legitimate organizations won't ask for sensitive information via AI chatbots or emails. Always verify the source and be cautious when sharing personal data
All but the most expertly crafted phishing emails have a "tell".
For more information, facts, and figures about phishing, please see this Tip Sheet.
Here are some ways to identify a phishing message: