How to Recognize and Report Phishing

Stay aware to identify phishing attempts and protect your organization.

Office of the CISO

Why does the cybersecurity team sound like a broken record? Why is phishing a recurring component of yearly corporate security training? Why do you hear the same things over and over? The reason is simple. Phishing works. And until it doesn’t, the record will repeat.
 
When a company gets hacked, you may see the headlines. The news may include information about how many computers were encrypted, how much ransom was demanded, and other headlines that shock you to attention for 42 seconds. What you probably won’t see is the follow-up article. That will come six months, or even a year, after the hack was announced. It will be relegated to IT security blogs because it simply is not exciting. It will have a root-cause analysis, and, more often than not, that root cause will begin with a phish.

How to Identify Phishing

Phishing scammers are trying to trick you into giving away your personal information. This often is accomplished via phishing emails or text messages. Common types of information they attempt to steal include passwords, Social Security numbers, and account information. The tactics they use to obtain this information and gain access to your accounts often change to maintain effectiveness.
 
With thousands of phishing attacks launched daily, it is difficult to keep up. On top of that, the rapidly changing methodology of attack makes it difficult to identify a phishing email or text message. The attacker may, very convincingly, disguise the email or text as originating from a trusted source such as a social media website, bank, or store. Attackers also often try to scare you into taking immediate action by saying something is wrong with your account. Common ways they attempt inroads include:

  • Claiming that someone tried to sign in to your account from an unfamiliar IP address
  • Offering a coupon, refund, or prize
  • Saying they need you to confirm some personal information
  • Claiming there is a problem with your payment method
  • Attaching or linking to a fake invoice
  • Asking you to confirm information or make a payment through an included link

Before taking action on an email that asks for personal information or invites you to open an attachment, look at a few cues. Make sure the "From" address makes sense and matches the organization that claims to be sending the email. The display name ("Example Bank Security") is free text chosen by the sender, so check the actual address and the domain after the @ sign. If you do not recognize the From address, do not open attachments or follow links. An organization sending from a public webmail address (Gmail, for example) is a huge red flag. Look closely for misspellings in domain names: phishers often change just one or two characters in a domain (a "1" for an "l", "rn" for "m") so that a scam address passes for the legitimate one at a glance.
 
The email may also be poorly written. Scammers are often poor writers, or they rush a message out to thousands of recipients, so read the email fully to understand what is being said and how it is being framed. The reverse does not hold: a polished, error-free message is not evidence that it is legitimate.
 
Finally, be wary of a strong sense of urgency in an email. If the email requests you take immediate action to remedy an issue with a sense of “doom and gloom” if you do not comply, it is likely a scam. Scammers know people like to procrastinate, so taking this approach helps them yield results quickly.
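The cues above can be checked mechanically. The following Python script is an added example, not NETSCOUT's code or part of the original page: it parses one raw message with the standard library and reports which cues fire. The trusted-domain allow-list, the public-webmail list, the urgency phrase list and the sample message are all constructed for the example, and the Reply-To comparison is an extra cue beyond those listed above.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from typing import Dict, Optional
from urllib.parse import urlparse

# Assumed allow-list of domains this organization legitimately receives mail from
# (hypothetical; a real deployment would load it from configuration).
TRUSTED_DOMAINS = {"example-bank.com", "netscout.com"}

# Public webmail providers. A company does not send official mail from these.
PUBLIC_WEBMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com", "aol.com"}

# Pressure language of the "doom and gloom" kind the article warns about.
URGENCY_PHRASES = (
    "immediately", "within 24 hours", "will be suspended",
    "verify your account", "urgent", "final notice",
)


def levenshtein(a: str, b: str) -> int:
    """Edit distance: how many single-character changes turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def lookalike_of(domain: str, max_edits: int = 2) -> Optional[str]:
    """Return the trusted domain that `domain` imitates, or None.

    A domain is a lookalike when it is not trusted itself but sits within a
    couple of character edits of a trusted one (examp1e-bank.com, rnetscout.com).
    """
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if levenshtein(domain, trusted) <= max_edits:
            return trusted
    return None


def org_label(domain: str) -> str:
    """'example-bank.com' -> 'example bank': the name a display name would use."""
    return domain.split(".")[0].replace("-", " ")


def triage(raw: bytes) -> Dict[str, str]:
    """Run the cue checks over one raw RFC 5322 message.

    Returns {finding_code: detail}. An empty dict means no cue fired, which
    is not proof that the mail is safe.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    findings: Dict[str, str] = {}

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)

    if from_domain in PUBLIC_WEBMAIL:
        findings["from-public-webmail"] = f"From address is on {from_domain}"
    imitated = lookalike_of(from_domain)
    if imitated:
        findings["from-lookalike"] = f"{from_domain} is one or two edits from {imitated}"

    # Display name claims a trusted organization, but the address lives elsewhere.
    for trusted in TRUSTED_DOMAINS:
        if org_label(trusted) in display_name.lower() and from_domain != trusted:
            findings["display-name-mismatch"] = (
                f"display name '{display_name}' suggests {trusted}, address is @{from_domain}")

    # Replies silently routed to a different mailbox than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings["reply-to-mismatch"] = f"Reply-To goes to @{domain_of(reply_addr)}"

    body = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg.get('Subject', '')}\n{body.get_content() if body else ''}"

    # Links whose host imitates a trusted domain.
    for url in re.findall(r"""https?://[^\s"'<>]+""", text):
        host = (urlparse(url).hostname or "").lower()
        imitated = lookalike_of(host)
        if imitated:
            findings["link-lookalike"] = f"link host {host} imitates {imitated}"

    hits = [p for p in URGENCY_PHRASES if p in text.lower()]
    if hits:
        findings["urgency"] = "pressure language: " + ", ".join(hits)
    return findings


# Constructed sample message (made-up addresses, not a real phish).
SAMPLE = b"""\
From: "Example Bank Security" <alerts@examp1e-bank.com>
Reply-To: account-recovery@gmail.com
To: employee@netscout.com
Subject: Action required: verify your account immediately
Content-Type: text/plain; charset="utf-8"

Your payment method failed. Verify your account within 24 hours at
https://examp1e-bank.com/verify or access will be suspended.
"""

if __name__ == "__main__":
    for code, detail in triage(SAMPLE).items():
        print(f"[{code}] {detail}")
```

Each finding maps to one cue from the text: the public-webmail and lookalike checks cover the From-address advice, the display-name check covers "matches the organization", and the urgency scan covers the "doom and gloom" warning. Treat the output as a prompt to slow down and report, not as a verdict; a mail with no findings still deserves the same careful read.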

How to Report Phishing

If you receive a phishing email or text message, report it to your organization by following its internal phishing reporting procedure. Once you recognize it as phishing, do not reply to or engage with the message: do not click any links, open any attachments, or take any action the message demands. Keep the original message rather than deleting it, so the security team can examine its headers.
 
Once you have reported it to your organization, the work is not quite over. You should also report phishing to the Federal Trade Commission at reportfraud.ftc.gov, which helps the fight against fraud at the national level. Next, forward the phishing email to reportphishing@apwg.org. This address is run by the Anti-Phishing Working Group, a coalition of law enforcement agencies, security vendors, financial institutions, and ISPs that tracks these incidents. Finally, alert the organization or individual impersonated in the scheme. Reporting phishing is a multistep process, but each step helps others stay safe online.
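When you forward a phish, forward it as an attachment rather than inline: an inline forward rebuilds the message as new text and drops the original headers (Received, Return-Path, Authentication-Results) that your security team and APWG use to trace where it came from. The following Python is an added example, not code from the page or from APWG. It wraps the untouched original as a message/rfc822 attachment; the internal reporting mailbox phishing@security.example and the sample message are made up for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

APWG_REPORT_ADDRESS = "reportphishing@apwg.org"  # the APWG address given in the text


def build_report(raw_phish: bytes, reporter: str, recipients: list) -> EmailMessage:
    """Package a suspected phish for reporting with its headers intact.

    The original is attached as a message/rfc822 part, so every header of
    the phish survives the trip; the report body is just a short note.
    """
    original = message_from_bytes(raw_phish, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = ", ".join(recipients)
    report["Subject"] = "Phishing report: " + str(original.get("Subject", "(no subject)"))
    report.set_content(
        "Suspected phishing message attached unmodified; "
        "the original headers are inside the attachment."
    )
    # Passing a Message object to add_attachment yields a message/rfc822 part.
    report.add_attachment(original)
    return report


def attached_original(report: EmailMessage) -> EmailMessage:
    """Pull the wrapped original back out, as the receiving analyst would."""
    for part in report.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
    raise ValueError("report carries no message/rfc822 attachment")


# Constructed sample phish (made-up addresses and a TEST-NET-3 documentation IP).
SAMPLE_PHISH = b"""\
Return-Path: <bounce@examp1e-bank.com>
Received: from mail.examp1e-bank.com (203.0.113.7) by mx.netscout.com; Tue, 1 Oct 2024 09:14:02 +0000
From: "Example Bank Security" <alerts@examp1e-bank.com>
To: employee@netscout.com
Subject: Action required: verify your account immediately
Content-Type: text/plain; charset="utf-8"

Verify your account within 24 hours at https://examp1e-bank.com/verify
"""

if __name__ == "__main__":
    # phishing@security.example stands in for your organization's reporting mailbox.
    report = build_report(SAMPLE_PHISH, "employee@netscout.com",
                          [APWG_REPORT_ADDRESS, "phishing@security.example"])
    print(report.as_string())
```

Most mail clients offer the same thing through "Forward as attachment" or by saving the message as an .eml file and attaching it; the point is that the Received chain and other headers reach the people doing the root-cause analysis unaltered.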
 
So why does phishing continue to happen? Because it works. People are the last layer of defense when it comes to phishing attacks, so remember to slow down, look carefully, and think before you act on a potential phishing scam.

Learn more about Cybersecurity Awareness Month with NETSCOUT!