AllSides believes media literacy is fundamental.

The central tenet of our mission is the belief that the current digital landscape makes it harder to get the full picture and decide for yourself. While we focus primarily on media bias, misinformation, and helping people become better news consumers, there are plenty of other threats on the digital landscape.

Here are some helpful tips on how to identify a scam online and protect your money and personal information, written by Shanice Jones (Center bias).

Across every sector today, phishing attacks have become an increasingly common method of cyber attack, which can have potentially dangerous consequences. Enterprising bad actors can use phishing techniques to trick victims into granting them access to restricted networks or providing sensitive data. This data can then be used to manipulate victims into providing money, information, or access to further private accounts. 

Savvy hackers have used phishing to access unsuspecting victims’ personal smartphones and systems, which can quickly lead to accessing private personal information and financial details. Social media platforms such as Twitter have seen huge numbers of phishing attacks, with hackers attempting to manipulate employees via the popular social media outlet. Even the United States government has been targeted; as a recent report has revealed, North Korea attempted to use phishing to access United States government intel earlier this year. 

In this article, we will take a look at just what phishing is, including how it works and what makes it so dangerous. Then we will explore ways to easily identify phishing attacks before they happen so that individuals can protect themselves against this insidious and all-pervasive threat. 

What is Phishing?

Phishing is a method of cyber attack that sees bad actors attempting to trick unsuspecting victims into granting requests or performing certain actions. Cyber attackers enact this type of attack by impersonating a familiar person, such as a friend, family member, colleague, or boss, or a legitimate and trustworthy organization, such as a bank, an IT support service, or a government office. 

In a successful phishing attack, the bad actor will use their perceived familiarity with the victim to manipulate them into clicking on a link that leads to a compromised web page, revealing sensitive data, such as financial information or login details, granting access to restricted networks, or installing a compromised file. Phishing can be enacted over the phone, via email, on social media platforms, or through text messages. 

Phishing is one of the most frequent types of social engineering cyber attacks. Social engineering attacks encompass any cyber attack that attempts to trick computer users. Social engineering attacks were the most common cyberattack vector in 2022 and are often paired with other attack methods. Malware, network attacks, code injections, distributed denial of service attacks, and others can easily be enacted in combination with phishing or other social engineering cyber attack methodologies. 

7 Ways To Identify Phishing Attacks

In addition to the previous compelling phishing attack methods, technological advancements are also contributing to the rise of cyberattacks in 2023. Deep fakes and artificial intelligence chatbots can credibly impersonate familiar people and craft naturalistic human-sounding text. In the face of this evolving threat technology, how do we identify and prevent successful phishing attacks in 2023? 

Let’s take a look at seven ways to easily spot common phishing attempts. 

1. Look For Mistakes

Sometimes, hackers are overly confident in the fallibility of their victims, which can lead to telling slip-ups. Watch out for typos or glaringly obvious grammatical mistakes. In some cases, the hackers will even misspell the name of the trusted contact or organization. 

These kinds of mistakes can provide helpful alerts that something about this email or social media message is not quite right, allowing you the space to pause, consider, and investigate further. 

2. Double-Check The Email Address

Phishing emails may display a convincingly legitimate sender name, but that does not mean that name will always fit the email address. Double-check that the sender’s address is familiar and legitimate before you open your message. 

Personal emails that end with a generic website ( or, for example) that are meant to come from a professional organization are fake. 

3. Pay Attention To The Greeting

Most correspondences, whether on the phone or in email, will include your name. If you receive a message that begins with “Greetings valued customer,” “Salutations Sir or Madame,” or something similar, you should be wary of the generic nature of this greeting. 

Consider it yet another red flag that gives you pause and leads to a deeper investigation into whether or not this message is legitimate. 

4. Examine The Signature

Beyond just the personal greeting, your email messages should include a legitimate signature from the sender. Particularly if the email is meant to be coming from an organization, the organization will always provide contact information in its email signature. If your message lacks this telling detail, then you know it is probably a scam attempt. 

5. Review Links Before You Click Them

Any email or message with links included should be regarded with suspicion. Hover your mouse over the hyperlink before you click on it. That way, you can double-check just where exactly that link will land you before you click on it and realize that it has sent you to a malicious website, but now it is too late. 

6. Pay Attention To The Tone

Have you received a message in which someone who is supposedly a professional is attempting to scare you with fear-based content? If the email or phone call you receive emphasizes a subtle threatening tone, it is probably a phishing attempt. For example, phishing emails often use threatening phrases, such as “If you fail to complete this task your account will be suspended.” 

When people are afraid, they are much less likely to stop and question the validity of the request. Pay attention to the tone of the messages to avoid being coerced into sharing personal details or sensitive data. 

7. Learn About Common Phishing Schemes

There are several frequently used phishing schemes; once you learn to recognize these attempted attacks, you will spot them easily and quickly mark them as spam. One common attack strategy is to use a surprising and enticing narrative that will convince you to share your financial details. 

Emails claiming that you have won a special cruise giveaway (for a contest that you never entered) or that you have inherited wealth from a mysterious deceased relative that you have never heard of before are almost certainly phishing attempts. If something about the email does seem legitimate, you can always request to continue the conversation in a different method of communication, which often discourages hackers immediately. 

Protecting Yourself Against Phishing Schemes

Common sense and awareness are two of the most powerful tools you can employ when working to protect yourself against phishing schemes. Learn to identify the telltale signs of a phishing attack so that you can easily block and report these attempts. 

As phishing schemes continue to develop, making use of more sophisticated contemporary technology and digital tools, make sure to stay updated on the latest phishing attacks making the rounds. Implement a zero-trust security strategy to keep all of your logins and network access secure, and install an up-to-date firewall that can help mitigate the damaging effects of even a successful phishing attack. Always install the latest security updates and patches to your computer, smartphone, and apps. 

When something seems off about a message, whether that is in a text message, over social media, in email, or on the phone, take a moment to investigate further. Performing a simple internet search to check whether the request is legitimate can often reveal plenty of other people’s stories recounting instances of identical phishing attempts. Remaining vigilant against phishing schemes and suspicious messages is the best way to block phishing attacks from the get-go. 

Shanice Jones is a technical copywriter with over 5 years of experience in helping B2B and B2C startups build their content strategies and grow their organic traffic.

This piece was reviewed and edited by Isaiah Anthony, Deputy Blog Editor (Center bias).