Whether you have heard the term before or not, chances are you have encountered a phishing attempt via email, social media, or even over the phone. In broad terms, phishing is an attempted cyberattack in which someone impersonates a legitimate institution or familiar individual, in order to trick victims into sharing personal information.

The information requested by the phisher may include financial information, such as band details or credit card numbers, which can be used to their advantage. Other phishing schemes try to gain access to private accounts or sensitive personal data, including passwords, health information, and geospatial location. Using these details, phishers can carry out identity theft.

Phishing schemes often target the most unsuspecting people, including students and the elderly. These are demographics who may not have had as much forewarning, or access to information about common phishing schemes. In fact, according to the 2022 State of School Safety Report, students are the demographic group that feels the least prepared to deal with cyberattacks and digital threats.

We have outlined some of the serious consequences that can result from a successful phishing attempt. But what does phishing look like? And how can you tell that a phishing scheme is what you are encountering?

Phishing scams can occur over the phone, online in website form, via social media, or in emails. Two of the most common phishing methods are email spoofing and website spoofing.

Email spoofing involves sending an email from an account that seems legitimate, like Netflix, your bank, or a co-worker, when in fact you are corresponding with someone attempting to get information or data from you.

Website spoofing is when you, the unsuspecting victim, encounter a website that requires sensitive information or financial details in order to access the site.

Sometimes these methods are used to bolster each other. A phishing email can encourage you to click on a link that leads to a spoofed website, and on that site you may have to enter private details.

This type of phishing scheme is particularly significant for students, who may not know how to distinguish a legitimate research site from a fraudulent one. Sites posing as research resources can require sensitive details in order for students to access information, or can require students to download a seemingly harmless browser extension. This type of browser extension can then automatically install malware or spyware on the student’s computer and track their online activity in the process. Students can avoid these possibilities by sticking to well-known, vetted, legitimate research sites.

Legitimate websites like PayPal, LinkedIn, and Gmail will send users a notification when fraudulent activity is suspected. But hackers are using these notifications to their advantage.

Since we are so accustomed to receiving emails from these familiar companies that say things like “unusual sign-in attempted”, we may not think twice about clicking on the links in these emails to address the issue. By simply hovering over the link, however, or taking a closer look at the contact sending the email, we will quickly discover that what seems familiar is in fact an attempted scam. Or take further steps to ensure that the email is legitimate, such as following the Gmail anti-phishing security protocols.

We have addressed some of the ways you can protect yourself against phishing scams, but let’s reiterate them here. Common sense and trusting your gut are two of the most valuable assets when it comes to preventing identity theft and other successful phishing attempts. If you open an email and something seems off, take some time to follow up. If the email appears to be from your boss, friend, colleague, or family member, contact them separately through a different format to confirm that they did indeed make that email request that set your internal alarm bells ringing. If the email is from an organization, whether previously unknown to you or very familiar, take a closer look at the email itself. Often simple mistakes or strange graphic design choices can reveal the falsity of the email.

The same goes for websites, especially sites attempting to impersonate well-known sites. Double check the website address- if it ends with a .htm or .html, beware. That site is likely installing malicious software on your device. If the site address seems okay but you are still not sure, copy and paste it straight into an internet search. A quick search can often turn up helpful results, alerting you to common phishing schemes or confirming the site’s legitimacy.

Make sure you know what information is supposed to be requested of you by any particular type of website, including research sites, credit card companies, and banks. In general, taking your time, staying up to date on the research, and following your intuitive responses, will go a long way towards keeping you safe from phishing schemes.