Phishing is a form of social engineering—attacks that exploit human psychology rather than technical vulnerabilities. Instead of hacking directly into a system, phishers manipulate people into granting access.
These attacks typically come via email, text message, social media, or fake websites and are carefully designed to impersonate legitimate organizations or individuals. Their ultimate goal: to steal data, install malware, or gain unauthorized access to networks.
Phishing exploits the fact that as human beings it is in our nature to trust familiar names, worry about urgent requests, and want to resolve problems quickly. Attackers often launch phishing campaigns using automation, allowing them to send thousands of messages at once, hoping for one user to bite.
Spotting phishing messages is not always straightforward, but there are telltale signs you can look for:
- Attackers often use misspelled domains or obscure email addresses like admin@micr0soft.support.
- Phishing messages often lack personalization and use phrases like “Dear Customer” or “User”.
- Phishing messages often contain spelling and grammatical errors, or phrasing that does not match the tone of the rest of the message.
- Attackers often attempt to create a sense of urgency to pressure the user into replying, using phrases such as “Immediate action required”.
- Legitimate institutions will never ask you to provide passwords by email.
- Hover over a link in an email. If the URL does not match what the link says, it's likely a trap.
- If you don’t know the user who has sent you an email attachment, don’t download it.
Phishing is pervasive and constantly evolving, but awareness is our greatest defense. By recognizing the signs—questioning messages, double-checking URLs, and staying calm in the face of urgency—we make it harder for attackers to succeed.
Cybersecurity isn't just about tools—it's about people making informed, thoughtful decisions every day.
Stay alert, stay curious, and never be afraid to ask: “Is this message really what it claims to be?”
To view real phishing emails that users at Dartmouth have received, visit https://dartgo.org/phish-bowl.