Hook, line, and sinker.

That’s what cybercriminals do when trying to steal your information through phishing attacks. So, what exactly is phishing? What are some common features of this scam? Thanks to aptly-named Phishing.org, we’ve got those answers for you.


Phishing is defined as a cybercrime where a consumer is targeted by email, phone, or text message by someone posing as a legitimate institution. The purpose of these crimes is to lure individuals into providing sensitive data like banking and credit card information, personally identifiable information, and passwords.

Did you know? The first phishing lawsuit actually dates back to 2004 against a California teenager. He was accused of imitating the website ‘American Online’ and gaining sensitive information from users.

Common red flags that indicate a phishing email.

Too perfect

Flashy offers and attention-grabbing statements do their job. Emails that indicate you’ve won a free iPhone when, in fact you were just searching for one, may entice you to click. Don’t. If the offer seems too perfect, too good to be true, it likely is.

Date and time

Always check the date and time of an email you receive. If you got a seemingly normal message, but it came in around 3 a.m., it might not be legitimate.


Links in emails are pretty common, but, be very cautious. If you actually hover your mouse over a link, it will show you the URL that you’ll be taken to once you click. Check that first before clicking – check the spelling or if anything seems off.


The same goes for attachments. If you see one that you weren’t expecting, or it doesn’t make sense, don’t open it. It could contain ransomware or other viruses.


Some red flags to look out for in the ‘from’ section include checking: if it’s someone you regularly communicate with, identifying a potentially suspicious domain (ex. a misspelling), or something that seems completely out of character.

How to prevent phishing attacks.

The bad news is that cybercriminals are getting smarter every day, coming up with new tactics to dupe the most educated consumers. But if you educate yourself and your employees with these key items, you’ll be well on your way to preventing the next phishing attack.

Use spam filters.

Generally, spam filters work like this. They assess the origin of the message, the software used to send that message and the appearance of it to determine if it is in fact spam. It’s not a foolproof system as sometimes it does block emails from legitimate senders, but it’s best to use these filters as a safety net.

Browser settings.

Your browser setting should be changed to prevent fraudulent sites from opening.

Remember this: A bank, the IRS, etc. will not ask for personal information via email.

Want to learn more about phishing specifically? Check out this great resource.

In what ways have you educated your employees to steer clear of potentially dangerous emails?