Here's Why Phishing is Getting Worse
Webroot, a computer security company, conducted a phishing survey last August, and asked 4000 office professionals about their email habits. The results may be surprising, but they shed light on why phishing attacks are increasing, both in the home and in the workplace, and how to protect yourself from this threat. Read on for the scoop on phishing...
Phishing Attacks: Sneaky and Effective
When questioned about their email habits, most people think they're pretty good at sniffing out phishing -- those potentially spammy, scammy, or malicious links. If it came from a Nigerian prince, had lots of typos and bad grammar, or asked for personal information, red flags pop up right away. But phishing attacks are getting increasingly clever, and harder to distinguish from legitimate messages.
In the workplace, it's becoming more common for an employee to receive an urgent message that appears to be from their boss or a customer, demanding some sort of immediate action. And on the homefront, more users are reporting phishing attacks that look like they're from a friend or family member. And these attacks are working.
Even though 9 of 10 professionals in the sample believed they could differentiate between a phish and a legitimate email, about 60% of the survey respondents admitted they have clicked links in emails from unknown senders -- the most commonly used method to steal credentials or infect a computer with malware.
Malicious links are often disguised as legitimate, which is why it's so important to verify the destination before clicking. Simply hovering the mouse pointer over the link without clicking will reveal the actual address. If you're not 100% sure it's okay to click, put down the mouse and back away from the computer. But the Webroot study showed that 57% of office workers did not routinely verify links before clicking, which may account for the frequency of data breaches.
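The "hover before you click" advice above amounts to reading the host a link really points at and comparing it with what the link claims to be. The script below is an added example, not code from the article or from Webroot: it runs a constructed sample email body through Python's standard html.parser, reports the real host of each link (what hovering would show), and flags links whose visible text names one site while the href goes to another, or whose host merely contains a trusted name buried inside a foreign domain. The sample message, the example-bank.com trusted list and the two-label shortcut for the registrable domain are all assumptions made for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body for this example (not from the article or the survey).
# Link 2 displays one address while its href goes to a different domain; link 4 hides
# the trusted name inside a foreign host; link 5 is simply an unfamiliar domain.
SAMPLE_EMAIL_HTML = """
<p>Your account needs attention. Please review the links below.</p>
<p><a href="https://www.example-bank.com/help">Help Center</a></p>
<p><a href="http://www.example-bank.com.verify-login.example.net/">https://www.example-bank.com/login</a></p>
<p><a href="https://www.example-bank.com/contact">www.example-bank.com</a></p>
<p><a href="https://example-bank.com.secure-update.example.org/">Update your details</a></p>
<p><a href="https://tracking.example-mailer.com/u/123">Unsubscribe</a></p>
"""

# Assumed list of domains the reader actually does business with.
TRUSTED_DOMAINS = {"example-bank.com"}

# Visible link text that looks like a URL or bare domain (so we can compare it to the href).
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_or_domain):
    """Lower-cased hostname of a URL; a bare domain such as 'www.example.com' is accepted too."""
    if "://" not in url_or_domain:
        url_or_domain = "http://" + url_or_domain
    return (urlparse(url_or_domain).hostname or "").lower()


def registrable_domain(host):
    # Assumed simplification: the last two labels. Production code would consult the
    # public suffix list so that names like 'example.co.uk' are handled correctly.
    return ".".join(host.split(".")[-2:])


def audit_links(html_body, trusted=TRUSTED_DOMAINS):
    """For each link: the host hovering would reveal, plus a verdict on it."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        real_host = host_of(href)
        real_domain = registrable_domain(real_host)
        shown_host = host_of(text) if URL_LIKE.fullmatch(text) else None
        if shown_host and registrable_domain(shown_host) != real_domain:
            verdict = "mismatch"      # text names one site, href goes to another
        elif real_domain in trusted:
            verdict = "trusted"
        elif any(t in real_host for t in trusted):
            verdict = "lookalike"     # trusted name buried inside a foreign host
        else:
            verdict = "unknown"       # not a known domain; verify by another channel
        findings.append({"text": text, "host": real_host, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_EMAIL_HTML):
        print(f'{finding["verdict"]:9}  {finding["host"]:55}  "{finding["text"]}"')
```

The mismatch check compares registrable domains rather than full hosts, so a link whose text says www.example-bank.com and whose href goes to help.example-bank.com is not a false alarm, while a host that starts with the trusted name but ends in example.net is caught.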
Dr. Cleotilde Gonzalez, a Carnegie Mellon University research professor who consulted on the survey, says the primary factors that make people click are "urgency, familiarity, and context." Dr. Gonzalez explains why people are often tricked into thinking a rogue email is legit: "If you already expect to receive emails from your boss at your office (context and familiarity), and you are accustomed to messages that request quick action (urgency), then you are likely to assume the message is real. It might never occur to you to suspect that it could be phishing."
You'd think that if someone knew for sure they had been compromised as a result of a phishing attack, they would take steps to lock down their accounts. But one third of those who admitted to having information stolen didn't change their passwords. That's shocking, but there may be a good explanation. An earlier Webroot survey showed 34% of users reported having more than 15 online accounts, and some with more than 30. With a dozen or more logins to remember, it's difficult to maintain strong, unique passwords for all of them. That's why many people reuse passwords across multiple online accounts. Password manager software can be a big help here. If you know you only have to change ONE password, the job of cleaning up after a phishing attack is much less daunting.
Another takeaway from the survey was that users don’t realize all the different forms that phishing attacks can take. Less than half of workers identified phone calls, app notifications, or postal mail as possible phishing vectors.
What Really Gets People To Click?
Scammers take advantage of the fact that employees are eager to please their bosses. In the survey, users were asked "Which of the following messages would you be most likely to open first?" Here are their answers:
An email from my boss | 60%
A nice message from a family member or friend | 55%
A request from my bank to confirm a transaction | 31%
A discount offer from a store | 28%
A link to a video from a friend or family member | 27%
A prompt for me to verify/authenticate my account | 25%
A notification about a fine | 19%
Instructions to confirm my billing address | 18%
A subpoena or legal request | 16%
A link to a funny meme | 13%
A message claiming to contain adult content | 9%
Tips For Staying Safe From Phishing Attacks
The report concludes with some tips to prevent phishing attacks, and increase the chances of successful recovery if it does happen. Not surprisingly, the advice corresponds with many of the computer security tips I've published here on the AskBobRankin site.
- Maintain strong, unique passwords for all accounts and change them regularly. (See How Hackable is Your Password?)
- Use a password manager to simplify this task. (See Is Your Password on the Naughty List?)
- Enable two-factor authentication wherever possible. (See [SECURITY] Your Password Is Not Enough)
- Keep software and systems up to date. (See Keep Your Software Updated (or else...))
- Back up, back up, back up. (See De-Geekify-ing the Backup)
The full report Hook, Line & Sinker: Why Phishing Attacks Work is available if you want to dig deeper. Bottom line, cybercriminals bank on your overconfidence and complacency. Be vigilant and wary of ALL links and attachments in email messages, to decrease (or completely eliminate) your risk of being phished.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 14 Jan 2020
Article information: AskBobRankin -- Here's Why Phishing is Getting Worse (Posted: 14 Jan 2020)
Source: https://askbobrankin.com/heres_why_phishing_is_getting_worse.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Here's Why Phishing is Getting Worse"
Posted by:
Elana Grunder
14 Jan 2020
Another insightful article, Bob! Thanks for keeping us updated on the latest threats, and all the tips for staying safe.
Posted by:
Pete
14 Jan 2020
Thanks! I just do not click on links. Boss is not always happy but it works for me.
Posted by:
Hubert Brochard
14 Jan 2020
Thank you Bob! I almost got caught on a friendly looking e-mail pretending this friend's girlfriend was sick. Luckily for me, I got suspicious when he started asking for money.
Posted by:
Sandy Jewell
14 Jan 2020
I find more phishing occurs through Facebook posts. They look tempting because maybe you can win something. Click in, give them some details and you will receive phishing emails for weeks.
Posted by:
bill
14 Jan 2020
If you send someone a link, be sure to describe it in specific terms that tie it to you.
Not the phisher's favorite "thought that this might interest you" but "here is the video of the XXXXX robotics team at the qualifier last Saturday"
A spammer cannot come up with a lot of specific detail or they will be a dead giveaway to almost everyone that it is not related to them.
Our company sends out phishing test messages to see if people hit the report a phish button.
Don't know how often or if the suspicious messages I tagged were test or real. No feedback is probably an indication that I have tagged real phishing or tests.
Posted by:
JC
14 Jan 2020
People should proceed as if there is a phishing attack out there that will get even them and always be vigilant. I could withstand the sweepstakes winnings, the credit card re-registration, and many other attacks. What hooked me was the email that said my credit score had been damaged. I clicked on the link without even thinking and my reward was a virus-laden laptop.
Posted by:
Phil
14 Jan 2020
Within the last few weeks "Amazon" reported freezing my account, twice. I forwarded the emails to Amazon and was assured my account was not frozen. Damn those emails looked valid. No spelling or grammar errors. Lots of "Amazon" detail. Yes, Bob, the phishers are getting more sophisticated.
Posted by:
Kat
14 Jan 2020
Does anything actually happen to those emails reported as "phishing"? (And if so --- what?)
Posted by:
JimK
15 Jan 2020
I almost fell for an email from DHL saying they could not deliver my package because the mailing address was incorrect. It had a handy link to edit the address. I hovered over the link, but I could not determine for sure if it was or was not legit. So, I called DHL and they confirmed they do not send such emails and it was definitely a hoax.
Also, the hovering advice is okay, but you must carefully look for sneaky lookalikes. One wrong character in a long url could send you where you do not want to be.
Posted by:
Norm
15 Jan 2020
You state that grammar is important yet your writing contains an incorrect use of a pronoun. You wrote the following: In the workplace, it's becoming more common for an employee to receive an urgent message that appears to be from their boss or a customer, demanding some sort of immediate action.
Employee is singular. You referred to it with the pronoun their which is plural possessive. It doesn't make sense. It begs the question 'who are they?'
Unfortunately this kind of error is so common no one notices, which further advances the degradation of the English language.
EDITOR'S NOTE: See https://en.wikipedia.org/wiki/Singular_they
Posted by:
peterlonz
15 Jan 2020
Password managers are NOT convenient.
Never seem to work seamlessly for me.
So many irritations too numerous to mention here.
Also "back up" - what where how, none of the efforts I have tried are simple, there is usually no simple test to ensure the back up is complete.
None are very practical solutions for the average user which is why compliance is so poor.
Posted by:
BaliRob
15 Jan 2020
@Norm
Sorry but Bob's English grammar is much better than yours!! 'Their' is both a singular and plural pronoun
Posted by:
Therrito
15 Jan 2020
I received an email today claiming to be from Amazon and it had a PDF attachment. It seemed a bit odd to me that they would send a PDF file so I took a close look at the email address. It was from anazon.com (not amazon.com). I immediately deleted it.
Posted by:
Bob Stromberg
15 Jan 2020
Three points:
1. As a private individual, if you did not initiate ANY communication, you need to be suspicious. ANY = text, phone call, email. DO NOT ANSWER. Check using a different "channel" -- make a phone call or enter a URL directly.
2. As a worker whose job it is to respond to work-related emails, learn to use the mouse to hover over a link and READ THE LINK.
2a. How do you "hover" over a link on a touch-screen only device (iOS, Android, Windows)? The link preview you get can be tailored by the web site developer.
3. Take the following quiz to hone your ability to spot fake links:
https://www.opendns.com/phishing-quiz/
Posted by:
Bob Stromberg
15 Jan 2020
@Therrito: "anazon.com (not amazon.com)"
Great example of "typosquatting." Thanks!
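Therrito's anazon.com message and JimK's warning that one wrong character in a long address is enough are both cases of a lookalike domain. The script below is an added example, not code from the article or from any commenter: it takes the domain of a sender address and checks it against a constructed list of expected brand domains, classifying it as known (the domain or a genuine subdomain of it), a lookalike (one edit away from the brand, or identical after common digit-for-letter swaps such as 1 for l), a foreign host that merely embeds the brand's domain, or unrelated. The brand list, the confusable table and the sample addresses are assumptions made for this example.

```python
import re

# Assumed list of brand domains the reader expects mail from (constructed for this example).
KNOWN_DOMAINS = ["amazon.com", "paypal.com", "example-bank.com"]

# Characters commonly substituted to imitate a letter; both sides are normalised
# with this table before comparison, so 'paypa1' and 'arnazon' collapse to the brand.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m"}


def normalise(label):
    label = label.lower()
    for fake, real in CONFUSABLES.items():
        label = label.replace(fake, real)
    return label


def edit_distance(a, b):
    """Levenshtein distance: the number of insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address):
    """Lower-cased domain part of an e-mail address, or None if it is malformed."""
    m = re.fullmatch(r"[^@\s]+@([^@\s]+)", address.strip())
    return m.group(1).lower() if m else None


def second_level_label(domain):
    # The label just before the TLD ('amazon' in 'amazon.com'); a simplification that
    # ignores multi-part public suffixes such as 'co.uk'.
    labels = domain.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def classify_sender(address, known=KNOWN_DOMAINS):
    """Return 'known', 'lookalike', 'embedded-brand', 'unrelated' or 'malformed'."""
    domain = sender_domain(address)
    if domain is None:
        return "malformed"
    if domain in known:
        return "known"
    label = second_level_label(domain)
    for brand in known:
        if domain.endswith("." + brand):
            return "known"              # genuine subdomain, e.g. mail.amazon.com
        if brand in domain:
            return "embedded-brand"     # brand name buried in a foreign host
        brand_label = second_level_label(brand)
        if normalise(label) == normalise(brand_label) or edit_distance(label, brand_label) <= 1:
            return "lookalike"          # one typo or a digit swap away from the brand
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample addresses for the demonstration.
    for sample in ["orders@amazon.com", "help@mail.amazon.com", "security@anazon.com",
                   "alerts@paypa1.com", "no-reply@amazon.com.account-check.example.net",
                   "news@example.org", "notanaddress"]:
        print(f"{classify_sender(sample):15} {sample}")
```

A "lookalike" or "embedded-brand" result is a reason to verify through another channel, as JimK did by phoning DHL, rather than a proof of fraud; a "known" result only says the domain matches, not that the message was really sent by it.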
Posted by:
Shelly
15 Jan 2020
Great information. I suggest everyone use a password manager. I personally do not like the online password managers. Just does not feel secure to me. I use a program called eWallet. It is a locally installed program that allows me to sync with my mobile devices over my home network. There is a one time fee but it is worth it.
I also like KeePass which is free.
https://www.iliumsoft.com/ewallet/
https://keepass.info/
Posted by:
Dick
15 Jan 2020
I received an email from an “ECODE” credit checking company my CREDIT UNION had contracted back in 2014 to check all (?) of our credit checkers. I have saved those monthly emails since and this was the first one that said “ALERT”. So I checked with my CU and they said the phone # was good so I called and they knew of my account back to 2014 and saw the “ALERT” this month.
BUT I had never activated the account which was why I would not try to sign in until now, so with the assurance it was legit, I open an account and found the new car I bought last month on car company credit of $1000 off cost and at 0.0% for life of the loan, had caused the alert.
First time I decided to use the company’s money instead of the whole thing from one of mine.
Posted by:
Nightwish_Fan
20 Jul 2021
I have used LastPass for many years. I find password managers to be VERY convenient. Yes, there is a bit of a learning curve, but once you get the hang of it, you too will be able to boast to your friends and family:
"I have no idea what my Bank password is; I don't need to know."
And for the record, I truly don't know any of my bank or credit card passwords. I only know the MASTER password for LastPass: "the Last Password you will ever have to remember".
And PS: "their" is a pronoun for when gender is either unknown, both genders, or gender-irrelevant. "I don't know which person did that; their name is unknown to me."