How to Spot and Prevent a Phishing Attack

by | Aug 18, 2022 | Gary's Blog

Introducing Guest Blog Author:

Josh Rogan

When I get an email or phone call from a district asking for assistance on an issue that is outside my area of expertise, I reach out to Subject Matter Experts in my circle for their guidance and insight.  If you would like more information from this week’s blog author, Josh Rogan, you can email him at

josh.roganwrites@gmail.com

These days, nearly everything takes place online. From remote work to ZOOM classes, from socializing in social media platforms and online chat rooms, to buying groceries via online shopping platforms, the internet seems to be a ubiquitous part of our lives. With so many different ways of interacting over the internet, there are more chances than ever for us to be targeted by would-be hackers, bad actors, and spammers.

Luckily, with some basic awareness, useful tools, and foresight we can help to thwart the majority of cyberattacks. One of the most common methods of cybersecurity attack is called phishing. Phishing can usually be prevented, as long as you know what to look for. But for unsuspecting victims, phishing can pose a serious threat.

In this post, we will take a look at what phishing is, how to spot a phishing attack, and how to protect yourself against them.

Spotting and Preventing Phishing Attacks

What Is Phishing?

Whether you have heard the term before or not, chances are you have encountered a phishing attempt via email, social media, or even over the phone. In broad terms, phishing is an attempted cyberattack in which someone impersonates a legitimate institution or familiar individual, in order to trick victims into sharing personal information.

The information requested by the phisher may include financial information, such as band details or credit card numbers, which can be used to their advantage. Other phishing schemes try to gain access to private accounts or sensitive personal data, including passwords, health information, and geospatial location. Using these details, phishers can carry out identity theft.

Phishing schemes often target the most unsuspecting people, including students and the elderly. These are demographics who may not have had as much forewarning, or access to information about common phishing schemes. In fact, according to the 2022 State of School Safety Report, students are the demographic group that feels the least prepared to deal with cyberattacks and digital threats.

Types of Phishing Scams

We have outlined some of the serious consequences that can result from a successful phishing attempt. But what does phishing look like? And how can you tell that a phishing scheme is what you are encountering?

Phishing scams can occur over the phone, online in website form, via social media, or in emails. Two of the most common phishing methods are email spoofing and website spoofing.

Email spoofing involves sending an email from an account that seems legitimate, like Netflix, your bank, or a co-worker, when in fact you are corresponding with someone attempting to get information or data from you.

Website spoofing is when you, the unsuspecting victim, encounter a website that requires sensitive information or financial details in order to access the site.

Sometimes these methods are used to bolster each other. A phishing email can encourage you to click on a link that leads to a spoofed website, and on that site you may have to enter private details.

Research Site Attack Schemes

This type of phishing scheme is particularly significant for students, who may not know how to distinguish a legitimate research site from a fraudulent one. Sites posing as research resources can require sensitive details in order for students to access information, or can require students to download a seemingly harmless browser extension. This type of browser extension can then automatically install malware or spyware on the student’s computer and track their online activity in the process. Students can avoid these possibilities by sticking to well-known, vetted, legitimate research sites.

IT Notification Attack Schemes

Legitimate websites like PayPal, LinkedIn, and Gmail will send users a notification when fraudulent activity is suspected. But hackers are using these notifications to their advantage.

Since we are so accustomed to receiving emails from these familiar companies that say things like “unusual sign-in attempted”, we may not think twice about clicking on the links in these emails to address the issue. By simply hovering over the link, however, or taking a closer look at the contact sending the email, we will quickly discover that what seems familiar is in fact an attempted scam. Or take further steps to ensure that the email is legitimate, such as following the Gmail anti-phishing security protocols.

Protect Yourself from Phishing Scams

We have addressed some of the ways you can protect yourself against phishing scams, but let’s reiterate them here. Common sense and trusting your gut are two of the most valuable assets when it comes to preventing identity theft and other successful phishing attempts. If you open an email and something seems off, take some time to follow up. If the email appears to be from your boss, friend, colleague, or family member, contact them separately through a different format to confirm that they did indeed make that email request that set your internal alarm bells ringing. If the email is from an organization, whether previously unknown to you or very familiar, take a closer look at the email itself. Often simple mistakes or strange graphic design choices can reveal the falsity of the email.

The same goes for websites, especially sites attempting to impersonate well-known sites. Double check the website address- if it ends with a .htm or .html, beware. That site is likely installing malicious software on your device. If the site address seems okay but you are still not sure, copy and paste it straight into an internet search. A quick search can often turn up helpful results, alerting you to common phishing schemes or confirming the site’s legitimacy.

Make sure you know what information is supposed to be requested of you by any particular type of website, including research sites, credit card companies, and banks. In general, taking your time, staying up to date on the research, and following your intuitive responses, will go a long way towards keeping you safe from phishing schemes.

Submit Your Cybersecurity Questions Here

You Might Also Like

Gary’s Guide to School Safety

Below are some of the questions I received during the August 18 webinar, Using Drills and Exercises to Test Your School's Emergency Operations Plan, hosted by the Campus Safety Webcast Series.  The replay of the webinar can be found HERE by logging into your existing...

read more