Unmasking Phishing Attacks: How to Outsmart Phishing Attempts

Phishing attacks have been around for quite some time, with some experts estimating the first attack may have happened in the mid-1990s back in the heyday of AOL.

However, gone are the days when scanning for bad grammar was enough to tell whether an email was malicious. As threat actors turn to AI to quickly generate authentic, convincing text for use in phishing emails and texts, end-users need to be ever vigilant before they click a link and fall down the phishing rabbit hole.

It’s not just the email text that has grown in sophistication, either. Earlier this year, our cyber team encountered an incident where a malicious actor cloned an organization’s single sign-on page to look identical to the real version. Attackers are increasingly using curated, well-designed landing pages to mimic sign-on pages and obtain an end user’s credentials directly, going so far as to recreate an MFA authenticator page to gain full access to an account. Below, you’ll find an example of a curated, well-designed landing page provided by the University of Minnesota.

Common Email Phishing Example vs. Phishing Webpage

Don’t let your organization fall victim to phishing. Below are some of the red flags that end-users can identify to help determine if they are being phished:

Analyze Everything Before Clicking

Phishing attacks start with emails and text messages that appear legitimate. They may come “from” a colleague or mimic the appearance of an official email. With organizations moving towards hybrid and remote models, less face-to-face interaction with colleagues could lead to employees becoming more susceptible to phishing.

To distinguish between genuine and fraudulent messages, scrutinize the email closely. Look for grammar and spelling errors, unusual greetings, or suspicious requests for sensitive information. Remember, reputable organizations will never ask for personal details or login credentials via email. If something feels off, trust your instincts and verify the authenticity by contacting the organization directly.

Beware of Urgent Calls to Action

Phishers frequently employ tactics designed to incite panic and urgency for the end-user, such as threatening to close down an account if proper action isn’t taken or an urgent request to review an invoice or document. They may create a false sense of impending consequences if you fail to act immediately. However, don’t let your emotions cloud your judgment. Take a step back, evaluate the situation objectively, and consider whether the urgency aligns with normal business practices. Legitimate entities will never pressure you into providing personal information hastily or making reckless decisions.

Scrutinize Suspicious URLs and Links

One of the telltale signs of a phishing attempt is misleading URLs and links. Hover over links before clicking on them to reveal the actual destination. Check for misspellings or alterations in the website address that may indicate a fake webpage. Always verify that the website has a secure connection by ensuring the URL starts with “https://” and displays a padlock icon. When in doubt, navigate to the website directly rather than relying on provided links. This includes reviewing the following:

  • Links in what appear to be bulk emails – especially if they aren’t addressed to you by name
  • Security alerts – Example: Don’t click a “Microsoft software security update” link in unsolicited email.
  • Emails telling you to follow a link in order to verify or fix a problem with your account.
  • Cryptic or shortened URLs (e.g. Tiny URLs) – these are particularly risky because you can’t easily tell where they are supposed to go
  • Bargains and “great offers,” or links to claim an award/reward
  • Links to pictures, videos, or documents from people you don’t personally know

The same vigilance you use for links should also be used for attachments. If an attachment looks suspicious or if you weren’t expecting a document from the sender, exercise caution and do not open it.
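The link checks above (reveal the real destination, look for misspelled or altered domains, check for https, distrust shortened URLs) can also be automated for messages that users report to a help desk or SOC. The script below is an added example written for this post, not code from the original article or from Dataprise; the trusted-domain list, the shortener list and the sample email are constructed for the example, and the eTLD+1 logic is a deliberate simplification.

```python
"""Flag suspicious links in a reported HTML email body (added example).

Automates the manual checks described above: compare the visible link text
with the real href, spot lookalike domains, distrust URL shorteners and
bare IP addresses, and note links that are not https.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress
import re

# Domains the organisation really uses (assumption for this example).
TRUSTED_DOMAINS = {"example.com", "login.microsoftonline.com"}

# Common shorteners: the reader cannot see where these go without expanding them.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}

# Character swaps used to build lookalike domains (e.g. "rn" passes for "m").
HOMOGLYPHS = [("rn", "m"), ("0", "o"), ("1", "l"), ("vv", "w")]


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude eTLD+1 (last two labels); ignores multi-part suffixes like co.uk."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def normalise(domain):
    """Undo homoglyph swaps so "exarnple.com" collapses to "example.com"."""
    for fake, real in HOMOGLYPHS:
        domain = domain.replace(fake, real)
    return domain


def is_lookalike(host):
    """True if host is not trusted but imitates a trusted domain, either by
    homoglyph substitution or by using the brand as a subdomain of another site."""
    host = host.lower()
    reg = registrable(host)
    if host in TRUSTED_DOMAINS or reg in TRUSTED_DOMAINS:
        return False
    for trusted in TRUSTED_DOMAINS:
        t = registrable(trusted)
        if normalise(reg) == normalise(t):
            return True
        if t in host and reg != t:  # e.g. example.com.account-verify.net
            return True
    return False


def assess_link(href, text):
    """Return a list of human-readable reasons the link looks suspicious."""
    reasons = []
    u = urlparse(href)
    host = (u.hostname or "").lower()
    if u.scheme == "http":
        reasons.append("not https")
    try:
        ipaddress.ip_address(host)
        reasons.append("IP address instead of a domain name")
    except ValueError:
        pass
    if registrable(host) in SHORTENERS:
        reasons.append("URL shortener hides the real destination")
    if is_lookalike(host):
        reasons.append("lookalike of a trusted domain")
    # The text the user sees names one domain, but the href goes somewhere else.
    shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if shown and registrable(shown.group(1)) != registrable(host):
        reasons.append(f"text shows {shown.group(1)} but link goes to {host}")
    return reasons


def scan_email(html):
    """Return [(href, reasons)] for every link in the body that raised a flag."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(h, r) for h, t in parser.links if (r := assess_link(h, t))]


# Constructed sample message mirroring the red flags discussed in the post.
SAMPLE_EMAIL = """
<p>Your account will be closed in 24 hours unless you act now.</p>
<a href="https://exarnple.com/sso/login">https://example.com/sso/login</a>
<a href="http://bit.ly/3xyz">Review invoice</a>
<a href="https://example.com.account-verify.net/mfa">Confirm MFA</a>
<a href="https://example.com/help">example.com/help</a>
<a href="http://203.0.113.5/update">Microsoft software security update</a>
"""

if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL):
        print(href, "->", "; ".join(reasons))
```

Run against the sample, only the genuine `https://example.com/help` link comes back clean; the other four are flagged for homoglyphs, a shortener, a brand-as-subdomain host and a bare IP. One caveat on the https advice above: a valid certificate is cheap and most phishing pages now have one, so the padlock only tells you the connection is encrypted, not that the site is genuine. The domain checks are the ones that catch a cloned sign-on page.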

Stay Alert for Unusual Requests

Phishers often ask for sensitive information that goes beyond what’s typically required. Be cautious if an email or website prompts you to provide personal details such as Social Security numbers, passport information, or banking credentials without a valid reason. Legitimate organizations follow strict protocols to protect your data and will only request necessary information. If uncertain, contact the organization through official channels to verify the authenticity of the request.

Trust Your Instincts

If something feels off, always triple-check. Phishers employ various techniques to deceive and manipulate, but your intuition can often detect something amiss. If an email raises doubts or feels too good to be true, exercise caution and take extra measures to verify its legitimacy. It’s better to err on the side of caution than to fall victim to a phishing attack.

Phishing attacks continue to evolve, posing an ever-present threat in our increasingly digital lives. By familiarizing yourself with common indicators of phishing attempts, you empower yourself to recognize and avoid potential risks. Remember to maintain a vigilant mindset, question suspicious emails, scrutinize URLs, and trust your instincts. Together, we can combat cyber threats and create a safer online environment.

About the Author:

Stephen Jones is VP of Cybersecurity at Dataprise.