
Phishing is phony digital communication “fishing” for your response, and ultimately your valuable, personal information. With billions of phishing emails sent daily worldwide, phishing is big business, an entire cybercriminal industry on a massive scale, with specialists working at every step of the process: app developers, marketing experts, and money launderers. More than $2 billion is lost annually by US businesses and consumers.
Scammers cleverly craft emails, text messages, phone calls, and webpages to impersonate organizations such as Microsoft, Google, Facebook, local organizations, banks, credit card companies, and government agencies. It can be very difficult to notice that the messages are not authentic since the quality of impersonations is improving all the time.
Most messages are sent to huge lists of targets, making nobody immune to the threat of phishing.
Common phishing messages include notifications of “suspicious activity” or log-in attempts, “problems” with your account or payment information, requests to update or confirm personal or financial information, or promises of a government refund. Attackers are always innovating with trickier ways to deceive.
The purpose of phishing messages is usually to guide you to click on a link, download an attachment, or enter information. The aim of phishing is typically to steal your personal information such as passwords, credit card numbers, and bank account details, and take over your accounts.
Phishers also send fake invoices or wire transfer requests and ask you to pay them. Just this year, the Chittenden Solid Waste District in Williston, Vermont was targeted during the construction of a new recycling facility. Two payments totaling $3 million were supposedly made to a construction partner, but instead were sent to scammers using a nearly identical email address. This is a perfect example of whale phishing, which is extremely personalized and directed at high-level targets. The extra time and effort to research and craft a diabolical scam is deemed worth it for the potential big payoff.
Your data and your financial accounts are extremely vulnerable unless you and your employees have received training to identify phishing. Never trust requests for logins or personal information. Never click on a link in an email you were not expecting, because attachments and links might install harmful malware. Always verify the sender's email address. Contact the sender using a phone number or website you know is real and have verified; do not rely on the contact information provided in the email. Hover over links to check the actual URL before clicking.
If you responded to a phishing email and gave a scammer your information, such as your Social Security, credit card, or bank account number, go to IdentityTheft.gov and follow the directions. You can also help fight scammers and combat the growing phishing epidemic by reporting phishing emails and text messages at ReportFraud.ftc.gov. Forward phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org and suspicious text messages to SPAM (7726).
See this blog post as a column article in the Bennington Banner.