What is a common indicator of a phishing attempt? A common indicator of a phishing attempt is a request to take action: to click a link or provide information in a reply.
Not only is "a request to take action" a common indicator of a phishing attempt, it is the most important indicator to focus on to not fall prey.
A lot of sources will mention signs of phishing being things such as poor grammar and words spelled wrong. However, bad writing is not what someone should be focusing on when detecting phishing attempts.
As mentioned above, one needs to look for a request to take action.
If a potential victim is mindful of this and a few other less obvious signs, they will not fall for a phishing attempt.
What is a Phishing Attempt?
A phishing attempt is a confidence trick that involves a scammer sending communications to people in order to deceive them and gain sensitive information from them.
In the modern age, phishing communications are mostly digital with the majority of them being phishing email messages.
Phishing can be used on mass amounts of individuals at once or can be specifically targeting individuals and organizations.
What Does a Phishing Attempt Look Like?
A phishing attacker will make focused attempts to gain information from specific people.
Information that will gain the attacker the victims money.
However, the most common phishing attempts are bulk generic looking emails sent to large groups of people with only a small percentage falling for the attack. If someone is concerned that they are the target of a focused phishing attempt, they will have to lean to protect themselves from what is called Spear Phishing.
Phishing attempts on large groups involves scammers sending messages that appear trustworthy, or at least they try to make them look trustworthy. These phishing messages are made to look like communications (emails mostly) that people are expecting, like a message from a bank or utility company. The phishing message can ask for people to reply with information such as bank account information. Some people might think it normal to email their bank with personal information the bank already has.
Phishing Software Download Attempt
A phishing email attempt can also be used to get an individual to download malicious software such as ransomware. Instead of the email asking for information, the email will ask the recipient to click on a link. This link will then download malware on the victims computer that will eventually be used to extort money from them.
Should I Check for Bad Writing?
That's beside the point. Poor grammar and words spelled incorrectly can't steal money or information from people, links and replies can!
Instead of focusing on bad writing, possible victims need to pay attention to a request to reply or request to click on a link.
How Do I Protect Myself From a Phishing Attempt?
There are two ways for someone to protect themselves from a phishing attempt:
Do not reply
Do not click links
If an individual is concerned of phishing but still needs to send sensitive information to an organization, one can initiate communication separately and on their own.
This means that people should contact the organization on their own. If someone gets a email that looks like it's from their bank, then they should avoid sending a reply or clicking on a link and contact their bank on their own with reputable contact information.
About the Author
Peter Sandru is an Instructor & Co-Founder of NDIL with over 15 years as a Professional Investigator. Peter has spent more than a decade conducting investigations and security operations throughout the world, primarily for corporations, law firms, and government agencies. Peter has assisted in the creation of numerous investigative & security training programs in various capacities.