
We Need to Talk About Phishing

by Joseph Fall

I’ve got more to say about AI and its potential impacts. More on that next month. But this month, we need to talk about “phishing”… again.


“Phishing” is a type of cyber-attack (computer scam) that uses social engineering (aka fraud) to trick a person into revealing some private information, installing malicious software, or entering a real password in a scammer’s fake website. Most phishing attacks are sent via email, although text messages and social media are also common vectors.

Yes, these are those annoying spam messages that claim you won a prize, or that appear to be from a friend in need or recommending a great investment or funny video.


Phishing attacks are so common because they are very simple to launch, requiring little technical expertise. And with the vast troves of data collected about us and sold in data markets, they are becoming ever more sophisticated, appearing as a legit message from a familiar source with a legit-sounding request, making them a serious threat.


Each year my students fall for a phishing attack demo I run. These are digital-savvy students, many of them expert computer users. So how can the rest of us protect ourselves?


Tell-tale signs of a phishing email:

  • urgency: something has happened to your account / your money / your family / etc. and you need to do something right now!!

  • sender: the email may appear to come from someone you know or do business with (spear phishing), but often the sender’s actual email address is a give-away

  • a link: there is nearly always a link they want you to click - that’s how they will launch the actual attack. If you receive a suspicious email that appears to be from your bank or email provider, or from a friend or family member, don’t click the link and don’t reply before:
    • Checking the sender’s email address carefully. If it looks fishy, it is phishing. Delete.
    • Using your browser to navigate to your bank / cell provider / etc. and log in to check things out. But don’t use the link in that email!!
    • If you are still unsure, check with the person or organization who appears to have sent you the message. But don’t reply to the suspect email!!
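
The three tell-tale signs above can also be checked mechanically, for example in a mail filter. The following is an added example, not part of the original article: it flags urgency wording, a familiar sender name on an unfamiliar address, and a link whose real destination differs from what is shown or claimed. The `KNOWN_SENDERS` map, the keyword list, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: senders you do business with, mapped to the domain they really use.
KNOWN_SENDERS = {"example bank": "examplebank.test"}
URGENCY = re.compile(r"\b(urgent|immediately|right now|suspended)\b", re.I)
# Simplification: a regex finds <a href="...">text</a>; real mail needs an HTML parser.
ANCHOR = re.compile(r'<a\s[^>]*?href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
# Link text that itself looks like a web address, e.g. "www.examplebank.test".
URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

def host(url):
    # Hostname of a full URL, or of bare text such as "www.examplebank.test".
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def same_site(h, domain):
    return h == domain or h.endswith("." + domain)

def phishing_signs(raw):
    """Return which of the three tell-tale signs a raw message shows."""
    msg = message_from_string(raw)
    body, signs = msg.get_payload(), []
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        signs.append("urgency")
    name, addr = parseaddr(msg.get("From", ""))
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and not same_site(addr.rpartition("@")[2].lower(), expected):
        signs.append("sender")  # familiar name, unfamiliar address
    for href, text in ANCHOR.findall(body):
        shown = host(text.strip()) if URLISH.fullmatch(text.strip()) else ""
        if (shown and not same_site(host(href), shown)) or (
                expected and not same_site(host(href), expected)):
            signs.append("link")  # destination is not what is shown or claimed
            break
    return signs

# Constructed sample messages (not real mail).
PHISH = """\
From: Example Bank <security@examplebank-alerts.example>
Subject: Urgent: your account has been suspended

<p>Log in right now: <a href="http://examplebank.test.login-check.example/verify">www.examplebank.test</a></p>
"""
LEGIT = """\
From: Example Bank <statements@mail.examplebank.test>
Subject: Your monthly statement is ready

<p>View it at <a href="https://www.examplebank.test/statements">www.examplebank.test</a></p>
"""
```

`phishing_signs(PHISH)` reports all three signs and `phishing_signs(LEGIT)` reports none. These are heuristics: a message that passes them can still be a scam, so the manual checks in the list still apply.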


Remember, the person being impersonated - the one the scam email appears to be “From” - is also a victim of identity theft. It is not their fault, and it does not indicate they have been hacked or been sloppy with their own cyber-security. We are all victims here.


Be kind and stay safe. -Joseph Fall
