Don’t Get Hooked: How To Recognize, Avoid, and Report Phishing Emails
From email spoofing and fake invoice email scams to threatening language and malware links, phishing attacks are getting more advanced by the day. But there is good news – it’s easy to identify phishing red flags once you know what to look for.
This guide is a follow-up to our November email tips, and will teach you how to identify the warning signs and avoid phishing scams altogether. From dodgy attachments and account suspended scams to suspicious password reset scam attempts, we’ll show you how to recognize phishing red flags, how to protect yourself, and what to do if you think you’ve already responded to a phishing email.
Information 24-7 & West Wisconsin Telcom NEVER Ask For:
Before we get into phishing red flags, we want to make sure it’s clear what you CAN’T expect us to do.
We will NEVER…
- Ask you for your password, PIN, or one-time code via email, text, or phone
- Provide a link for you to “verify” or “unlock” your account. Instead, navigate to our website or app instead
- Request gift cards, crypto, wire, or cash app payments as a form of payment or donation
- Threaten to disconnect you right away or ask you to act urgently by email or text
- Email unexpected attachments (ZIP, EXE, or HTML files) claiming to be invoices or software updates
- SMS or message you from unofficial numbers. We only send from @wwt.net
We will ALWAYS…
- Direct you to sign in at our official website or app, or call our published phone number
- Only post important notices on our status and help pages and on our official social media channels
If you receive a message that doesn’t align with the above, it’s probably either phishing or smishing (SMS phishing). In case of concern, you can call us at our official number and ask for us by name.
How To Recognize Phishing
Common Red Flags In Emails & Texts
Phishing emails and text messages have certain characteristics that raise warning flags:
- Threatening or urgent language, like your account will be suspended or closed immediately if you don’t act now
- Fraudulent or unsolicited invoices or receipts for products you didn’t purchase
- Password reset emails you didn’t request
- Prize or refund notifications for winnings you never entered
- Generic greetings such as “Dear Customer” instead of your actual name
- Subtle spelling or grammatical errors, which real companies won’t make
- Inconsistent sender addresses that don’t match the company’s official domain
- Requests for personal or sensitive information, like your password, SSN, or payment details
Spear phishing attacks are typically personalized to make them appear more genuine, so don’t be fooled by the specificity.
Suspicious Attachments & Links
Always hover your mouse pointer over the link so a preview of the actual URL appears before you click. If it doesn’t look like it goes to the company’s official website, or it contains random characters, misspellings, or other suspicious elements, don’t click it.
Email and text attachments can also contain malware. Files with extensions such as .zip, .exe, .html, or .pdf may have a malicious payload inside that can infect your computer as soon as you open them.
Keep your devices and your entire network safe with ProtectIQ, included with 24-7 & West Wisconsin Telcom’s Smart Home WiFi plans. ProtectIQ provides next-generation security features for advanced protection of your devices, blocking access to malicious websites, including phishing attempts.
“Does This Sender Make Sense?” Check
Always ask yourself a few questions when you receive an unsolicited or unexpected message. “Do I have an account with this company?” or “Do I know this person?”
If the answer is “no,” then it’s almost certainly phishing, and you should delete it immediately.
If the answer is “yes,” then don’t use any of the links or phone numbers provided in the message. Instead, navigate to the company’s official website by manually typing the URL into your browser, use their official app, or call a customer service number that you find through your own search.
How To Protect Yourself From Phishing Attacks
Turn On Automatic Update Software
Turn on automatic updates for all your devices, including mobile devices and desktop computers. Automatic updates keep your software up-to-date and close security holes before cybercriminals can exploit them.
Use Multi-Factor Authentication (MFA)
MFA requires users to verify their identity using two or more of the following factors:
- Something you know: Your password or PIN
- Something you have: A phone, security key, or authentication app
- Something you are: Fingerprint, face recognition, or other biometric data
If a phishing attack compromises one of these factors, the attacker still won’t be able to access your account because they won’t have the second factor. Enable MFA for all accounts that offer it, but prioritize email, bank, and social media accounts.
Back Up Your Data Regularly
Make regular backups of your data so that if malware encrypts your data or your device gets compromised, you can recover your files. It’s a good idea to use both a cloud storage service and an external hard drive for backups. Schedule automatic weekly backups or more frequent backups for critical data.
Let Spam Filters Help
Email providers and many types of security software include spam filters that automatically quarantine many phishing emails before they reach your inbox. While spam filters stop many phishing attempts, scammers are constantly working on new methods to bypass spam filters, so you still need to remain vigilant.
Using Antivirus Software
What Antivirus Software Can Do
- Block malicious URLs or attachments before they can harm your computer
- Detect malware payloads that get delivered by a phishing email
- Flag suspicious downloads after the user clicks a link
- Provide basic web filtering or email scanning to detect and block threats
What Antivirus Software CANNOT Do
- Stop all phishing emails from reaching your inbox
- Detect brand-new or otherwise well-crafted phishing messages that use novel techniques
- Keep users from voluntarily entering their password on fake websites
- Recognize social engineering techniques that are designed to appear completely legitimate
Boost your antivirus protection with 24-7 & West Wisconsin Telcom’s computer bundles that include the latest antivirus software pre-installed and are designed to keep your system secure from day one.
What To Do if You Suspect a Phishing Attack
If you receive a suspicious email, text message, or message, there are several steps you can take immediately.
Stop, Don’t Click
The first rule of phishing is never to interact with a message you suspect is a phishing attack. Don’t click links, don’t open attachments, and don’t reply to the message. Just immediately delete the email or text message.
Verify Through Official Channels
Log into your account on the official website to check for any alerts or notifications, or call the customer service number you find through your own independent search to check if they really sent the message.
What To Do if You Responded To A Phishing Email
If You Entered Personal/Financial Info
Visit IdentityTheft.gov immediately to get a personalized identity theft recovery plan. This free government website will walk you through specific steps based on what information was compromised, like credit card numbers, bank account info, or your Social Security number.
Time is of the essence. The sooner you respond, the more you can do to prevent identity theft and financial loss.
If You Clicked A Link or Opened An Attachment
- Update your security software and run a full system antivirus scan. Delete any flagged files.
- Change your passwords, starting with your email and financial accounts.
- If possible, enable multi-factor authentication (MFA).
- Check account activity logs and monitor accounts for suspicious activity over the coming weeks.
Here’s a quick chart breaking down specific scenarios:
| What Happened | What To Do Now |
| Clicked a link | Run full antivirus scan; monitor accounts for unusual activity; update security software |
| Entered password | Change password immediately; enable MFA; check account activity logs for unauthorized access |
| Entered card/bank info | Contact your bank to freeze/replace cards; monitor statements; file fraud report; visit IdentityTheft.gov |
| Entered SSN | Visit IdentityTheft.gov immediately; place fraud alert with credit bureaus; consider credit freeze |
How To Report Phishing
Forward Phishing Emails
Forward phishing emails to the Anti-Phishing Working Group (APWG) at reportphishing@apwg.org. APWG reporting helps track and combat phishing campaigns globally.
Report Phishing Texts (SMS)
Report spam: text 7726 (SPAM). Suspicious text messages can be forwarded to SPAM (7726) to help your mobile carrier identify and block spam text sources.
Tell The FTC
You can also report phishing to the Federal Trade Commission (FTC) at ReportFraud.ftc.gov. Include details about the phishing email or text, including the sender’s information, in your FTC report fraud submission.
We’re Here To Help
If you receive a message that claims to be from 24-7 & West Wisconsin Telcom, but you aren’t sure whether it’s real, don’t hesitate to reach out. We’re more than happy to confirm if a communication did or didn’t come from us, and it’s always better to be safe and check.
Now that you know how to spot phishing red flags, how to take preventive steps such as enabling MFA and turning on automatic updates to avoid phishing scams, and what to do if you accidentally respond to a phishing email, you’re all set to stay safe online. When in doubt, remember to trust your instincts and verify any suspicious messages through official channels. Your diligence is your best defense against cybercriminals hoping to hook you.
