Phishing is still a thing!

With all the headlines about "company A got hacked" or "college B had a breach", it is easy to overlook the fact that many breaches begin with a successful phishing attempt.  

A phish is when bad actors send you a message, whether through email, instant message, or otherwise, that appears to be legitimate but is actually tricking you into taking an action that is against your own best interest.  These messages will often spoof the most popular brands that many or most people use such as Amazon, Netflix, Google, Microsoft, and others but may also attempt to spoof you, your friends, classmates, or co-workers in an attempt to leverage the trust they have.

Spotting a phish can sometimes be very easy but is often very difficult.  Bad actors have been at this a long time and have taken steps to perfect their craft. It is for this reason we must be extra vigilant and question every message we get, especially if it is unexpected, is asking us to do something, sounds urgent, or has an attachment.  

All but the most expertly-crafted phishing emails have a "tell".

Here are some ways to identify a phishing message:

If you see something, say something!

Aside from avoiding phishing and deleting it, the best thing you can do is report it.  This lets others know that the phishing is happening. In the case of reporting buttons, it will also often add to the algorithms that detect spam and phishing and help the email provider recognize this better in the future and catch it before it makes it to you. 

Reporting phishing may be different depending on your email provider.  The majority of the consumer mail providers, however, generally make it simple and straightforward.

Below you will find some links on how to report phishing attempts to some of the major email providers:

1. Gmail
2. Outlook.com
3. Yahoo
4. Protonmail

For more information, facts, and figures about phishing, please see this Infographic and this Tip Sheet.