Yesterday, I received a phishing attempt in my email that was telling me about a file that someone had shared with me. The email asked me to click on a link to access the file so that I could open the file, which supposedly had information about my student status. I didn't recognize the email, so I forwarded it to the system administrator, who confirmed that the email was definitely a phishing attempt. Today, I will be sharing tips for how to recognize phishing attempts with vision impairment.
First, what is phishing?
Phishing is defined as "the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication." Most of the phishing attempts I have encountered have been over email, but phishing can happen over instant messaging, texting, and similar platforms. Phishing attempts have decreased in recent years since the technology behind spam filters has improved, but phishing attempts can still make their way past the spam filter.
Examples of phishing attempts
Some examples of phishing attempts that have been sent to my college email address include:
- Someone posing as a university faculty member to get my student identification number
- Getting sent a fake job application for a researcher position
- Receiving an email from a misspelled email address asking for my computer login
- My friend's email getting hacked and the hacker sending a message to all of their contacts requesting money
- An email saying that I could log in to an account by emailing the sender my username and password
Who is at risk for phishing attempts?
Anyone can become a victim of a phishing attempt, but people with vision impairments may be at a higher risk due to the following factors:
- Email addresses sounding similar when read out loud by screen readers
- People assuming that they have to login a specific way because they use assistive technology
- Opening attachments without thinking because they frequently receive attachments with accessible documents
- Limited technology skills in older populations
This year, two of my friends have been the victims of phishing attempts and had their school emails hacked or had money stolen from their credit card. Phishing is a very serious issue, and following those attacks I have made sure that my friends all understand how serious phishing attempts can be.
First, do not get scared
One of my friends gave me permission to share the specific story of how they were a victim of a phishing attempt. They had gotten an email that said they were at risk of being terminated from our university since they did not have the correct student information on file. My friend panicked and sent back their student number, email, and password, because they were worried that it would affect their registration for classes. Their email account ended up being shut down and it took several days to fix everything. If you get an email that says there is a serious consequence for not complying with a specific request, try and verify who sent it. In the meantime, do not do anything or send information.
Read the email address
Anyone can create an email address, so it never hurts to confirm that an email is genuine before replying. I like to zoom in and read every single character of an email address when deciding if an email is legit. The, I verify the email address by running a web search to ensure that the sender is who they say they are. One of my friends had their email hacked because they thought they were replying to an email address associated with their workplace, and it turned out that wasn't the case.
Don't be afraid to call
If I don't recognize an email from my university, I call the associated department and ask if they sent an email to me, or if they are aware of an email advertising a specific service. When I was an IT major, I would frequently receive scam emails for job opportunities within the department and I would verify their legitimacy by calling the department to ask if the email was safe to open. Nine times out of ten, it turned out to be a phishing attempt. If a phishing attempt appears to be coming from a business, you can use the Google Assistant or an iOS shortcut to look up their contact information and verify the information with ease.
Don't send anything
Never send sensitive email addresses, login information, passwords, or credit card numbers over email, especially to people you do not know. This may seem very obvious, but I have been surprised over how many people continue to do this and put their online information in danger. Even if I completely trust the sender, I never know where that information could be forwarded or how it can be used against me in the future.
Pay attention to the language
Very generic sounding greetings or vague requests are common signs of phishing attempts. If I read an email addressed to "website owner" or "university student," I'm not likely to take it seriously and will typically just delete it without verifying any information. It's just not worth dealing with. Other examples of things to watch for include improper grammar, incorrect uses of contractions, weird sounding email signatures, and similar.
Learn how to create secure passwords
Knowing how to create secure and easy-to-type passwords is a fantastic skill to protect against phishing attempts, because people who change their passwords frequently are less likely to get hacked. I have an entire post about creating secure passwords, which I will link below.
If you are the victim of a phishing attempt
Are you the victim of a phishing attempt? Here are my recommendations for what to do as soon as you find out:
- Change your passwords across all accounts immediately, especially your email password since that can give people access to any of your accounts
- Call your credit card company and suspend your account, and watch for any weird charges
- If it is a school or work email address, contact the information technology desk or similar office
- Check your most-used accounts and make sure you can still access them
Phishing attempts can be very frustrating and even terrifying, but by using these tips, people with vision impairments can further protect themselves against phishing attempts and know how to verify information when needed. Just remember if you think it's a phishing attempt, you're probably right.