Plenty of Phish

envelope with skull on fishing hook

The season of love has arrived and whether you’re in a committed relationship or not, our hope is that you don’t get swindled by any catfishing or phishing cons this February 14th. Though our expertise does not lie with the former, we are here to help keep you off the hook of email phishing scams with some tips and tricks to keep your inboxes, and hearts, safe.

Phishing is when an attacker impersonates a legitimate company or business in order to steal sensitive information. By disguising themselves as a colleague or brand you trust, they try to trick you into taking the bait and clicking a malicious link or attachment. Though many of these hackers are quite so-fish-ticated, you don’t have to be a brain sturgeon to catch on to their ways and avoid turtle disaster. (I know, these puns are o-fish-ally a-trout-cious).

Look out for weird email domains.

Most organizations, except some small shops, that communicate with you through marketing and service emails will have their own email domain and company accounts. Don’t just look at the name of who it is sending the email, but check out the from email address. Not even Google will send you an email from a public email address such as “@gmail.com.” Similar to experienced online daters, hackers are often skilled at making a good first impression, so double check the address to make sure the domain name comes after the “@” symbol and that no alterations such as extra letters or numbers have been added. If something looks a bit fishy, it probably is.

laptop illustration pointing out an email with a weird email domain

Say my name.

Most businesses that you have an account with will probably have your name. Don’t be koi, we know you thought it was cute when your new flame referred to you as “bae” for the first time, but let’s just wave that red flag if your email greets you in similar generic terms such as “account holder,” “customer,” or even your verbatim email address instead of a first name or more personalized salutation.

laptop illustration with email greeting you as BooBear

These hackers must be krilling me if they think I'm going to fall for an email that addresses me as “Sir/Madam."

Check they’re there their grammar.

If you’ve ever dabbled in online dating, you’ve most likely experienced at least one budding relationship come to a quick end over an improper use of “your.” Please carry that lesson straight to your inbox. Emails from real companies betta be well-written with proper grammar and spelling, or else their copywriters will reel-y be herring it.

laptop illustrating your vs you're grammatical mistake

Are they URGENTLY requesting sensitive information via email?

Holy shrimp, this scampi happening! Scare tactics are often used in phishing emails. Hackers create a sense of urgency, often citing problems with an account or payment information or a limited time to claim a prize. By inciting a sense of panic and/or urging people to take action quickly, people are more likely to swim right into the trap and are less likely to recognize that something might not be right.

Legitimate companies won’t ask you to provide sensitive information through an email link. Instead, if you need to update or check secure information, do so by navigating directly to the site and logging in from there (using multi-factor authentication if possible).

Check all URLs before clicking.

Similar to how a pair of sunglasses or an Instagram filter can make you question if the person sitting across from you is the same person as in their profile picture, phishing URLs know how to undergo a glow up as well. Before clicking on those enticing CTA buttons or hyperlinks, verify the URL by hovering over the link or right clicking and copying the link address into a notepad. Don’t get schooled by these hackers. The domain of links from a real company will match the purported company domain.

Unsolicited attachments.

Nobody likes a stage-five clinger, nor do we appreciate random attachments in our emails. Real companies will direct you to their site to download documents or files, not include invoices or coupons for download in their emails. Don’t let an unrequested attachment become your nemo-sis. Clinginess like this is a clear sign to cut them loose.

Although the internet is a place where any-fin is possible these days, follow these tips to keep your friends close, anemones closer, and inboxes safe from phishing scams. We wish you all a Happy Valentine’s Day, octopi-ed with lots of love and legitimate emails! (Once again, sorry for going overboard with the puns.)