It's Too Cold For Trout But Not For Phishing

As if we hadn't seen enough spam and phishing emails with the onset of COVID-19, it has gotten worse. Since the start of 2021, we have experienced an even more significant rise in spam/phishing emails. As we have discussed many times before, these emails can be quite tricky. We are all familiar with the phishing email that appears to be a friend or family member stranded in a foreign country. Although those attempts still make a great deal of money, today's scams are so much more sophisticated. Today, the phishing attacks genuinely appear to be your bank or Amazon requesting sensitive information. There are a few tried and true rules to help avoid these tricky scams.


The email induces a sense of urgency and panic. Many times when we see correspondence from the Internal Revenue Services, the mere name causes panic. With a typical phishing email, it is the message that induces a great sense of urgency and panic. This is most definitely the purpose of the hacker. The more panic you feel about an alleged account compromise or banking disaster, the less likely you will think rationally. Hackers count on this, so be sure and remain calm and verify the sender and the information.

The email is unsolicited. A rule of thumb when it comes to an email, unless you have requested something from the sender, most companies will not ask for sensitive information via an email. A request that is entirely out of the blue is a good sign that it is a phishing attempt. When in doubt, contact the sender via phone and verify they have requested the information.


The email contains an attachment. Similarly to the above rule, if you receive an email that you did not request, it is rare for a sender to ask for you to click on an attachment. Once again, when in doubt, verify with the sender.


The addresses within the email provoke some questions. When you look at the email address or the URL embedded in the email, it should look identical to the expected address. It can not have flipped letters or numbers in place of letters. Pay close attention because hackers can make them look very similar. Always hover over an address before clicking on it and verify that it is the address you expect to see.


The email could have benefitted from Spellcheck. When reading an email, if you hesitate because of misspelled words or the grammar that makes you question the sender's first language, this is a tell tale sign that it is a phishing attempt. Hackers are very good at creating sophisticated phishing attacks, although many phishing emails do not include proper grammar or spelling. If you question the email, always verify!


When to avoid phishing attacks, the name of the game is to pay close attention, stay rational, and always verify with the sender. You can prevent these tricky attempts to get you to give away your information or click on a malicious link with the right attentiveness. A rule of thumb is "trust your gut" and always verify. Also, always contact your Pendello Solutions team and allow us to investigate before you click.