Phishing – How to Avoid Being a Victim

Kelly Rickard, Director of Information Systems • February 12, 2025

A significant majority of cyberattacks (70-90%) come in the form of phishing emails. At the risk of sounding paranoid, I cannot stress enough the importance of understanding when you might be the target of a scam. A little extra care and caution can help you and your loved ones avoid being a victim.

Phishing is a cybercrime tactic where scammers impersonate trusted entities (like banks or companies) through emails, messages, or fake websites. They goal is to trick people into revealing personal information, such as passwords, credit card details, or financial data. These scams can pose a significant threat, often appearing as urgent emails from legitimate sources. Recognizing and knowing how to avoid these scams can help protect your financial and personal information.

In my experience supporting residential and small business clients, the threats really do appear to be legitimate. I have seen people fall prey and lose retirement and savings accounts, the contents of which they were never able to recover.

One customer received an email from someone posing as being with Norton, a cybersecurity software that helps protect devices from viruses, malware, and online threats. The scammer indicated that the customer's computer was at risk, and they needed to gain access to make repairs. Access was granted remotely, and the scammer loaded software on the customer's computer and proceeded to locate a password file, which enabled them to access all the individual's retirement accounts. The scammer then requested payment by gift card, which ran into the $1,000s. Thankfully, we were able to contact all his financial institutions quickly and lock the scammer out.

Another customer was not so lucky. The customer's spouse had passed away years before, and an urgent email was found in the old email account with a link. The link was clicked on, and the scammer located a password list and proceeded to empty the retirement account ($400,000). No monies were ever recovered. This customer had not processed this as a threat and waited weeks before realizing the money was gone.

What does a phishing email look like? A phishing attack can be an email that uses tricks to encourage you to give away financial or personal information.

What should you be on the lookout for?

Urgency – “You need to do this right now!”
Asking you to click a link or download something.
Impersonating someone you may know or do business with (could be a family member, friend, or frequently used vendor such as Amazon, US Postal Service, and, during tax time, the IRS.)

How can you avoid falling prey?

Check the email address of the sender CLOSELY.
Don’t reply to suspicious emails – delete or mark them as Junk.
Be wary of shortened URLs. A URL (Uniform Resource Locator) is the web address used to access a specific webpage or file on the internet. It typically includes a protocol (like https://), a domain name (like example.com), and a path to the specific page or resource.
If it is dire circumstances that you respond RIGHT NOW – don’t believe it!

What can you do?