As part of an extra credit unit on internet safety, I presented a lesson on how to recognize phishing attempts with vision impairments, inclusive of blind and low vision individuals. Phishing is defined as “the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication.” Phishing attempts have decreased over the years with the improvement of spam filters, but I still regularly encounter phishing attempts over email, texting, instant messaging, and social media posts. Here are my tips on how to recognize phishing attempts with low vision and how people can protect themselves against phishing attempts.
Some examples of phishing attempts that have been sent to my college email address and blog email include:
Here is an example of a phishing email I received in 2023 that is for an order I didn’t place at a business I’ve never heard of. Apparently, I ordered an inflatable water slide!
Anyone can become a victim of a phishing attempt, but people with vision loss may be at a higher risk due to the following factors:
So how can users prevent and respond to phishing attempts? Here are my favorite tips:
One of my friends gave me permission to share the specific story of how they were a victim of a phishing attempt. They had gotten an email that said they were at risk of being terminated from our university since they did not have the correct student information on file. My friend panicked and sent back their student number, email, and password, because they were worried that it would affect their registration for classes. Their email account was shut down and it took several days to fix everything. If you get an email that says there is a serious consequence for not complying with a specific request, try to verify who sent it. In the meantime, do not do anything or send information.
Anyone can create an email address, and can use aliasing tools and other techniques to make an email address look like it came from a specific company. If I’m not sure if an email is genuine, I will magnify the text and read every single character of an email address when deciding if an email is legit. Then, I verify the email address by running a web search to ensure that the sender is who they say they are. One of my friends had their email hacked because they thought they were replying to an email address associated with their workplace, and it turned out that wasn’t the case.
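The character-by-character check described above can also be scripted so that a screen reader or large-print terminal announces the risky characters. This is an added example, not part of the original post; the addresses, the trusted-domain list, and the function names are constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Characters that are easy to confuse at low vision or under magnification.
AMBIGUOUS = {"l": "lowercase L", "I": "uppercase i", "1": "digit one",
             "O": "uppercase o", "0": "digit zero"}

def spell_out(address):
    """Return one note per character that deserves a second look."""
    notes = []
    for pos, ch in enumerate(address, start=1):
        if ord(ch) > 127:
            # Letters from other alphabets can be pixel-identical to Latin ones.
            name = unicodedata.name(ch, "UNKNOWN CHARACTER")
            notes.append(f"position {pos}: non-ASCII {name}")
        elif ch in AMBIGUOUS:
            notes.append(f"position {pos}: {AMBIGUOUS[ch]}")
    if "rn" in address:
        notes.append("contains 'rn', which can look like 'm'")
    return notes

def check_sender(from_header, trusted_domains):
    """Split a From header and compare its real domain to a trusted list."""
    # The display name is free text chosen by the sender; only the address
    # inside the angle brackets says where replies will actually go.
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    return {
        "display_name": display,
        "address": address,
        "domain": domain,
        "trusted": domain in trusted_domains,
        "notes": spell_out(address),
    }

# Constructed sample: the domain uses an uppercase "I" in place of "l".
SAMPLE_FROM = '"University IT Help Desk" <it-help@exampIe.edu>'
TRUSTED = {"example.edu"}  # assumption: domains the reader already trusts

if __name__ == "__main__":
    result = check_sender(SAMPLE_FROM, TRUSTED)
    print("Display name:", result["display_name"])
    print("Real address:", result["address"])
    print("Trusted domain:", "yes" if result["trusted"] else "NO")
    for note in result["notes"]:
        print(" -", note)
```

A "trusted: NO" result only means the domain is not on the reader's own list, so the address still needs to be verified through a separate channel.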
If I don’t recognize an email from my university, I call the associated department and ask if they sent an email to me, or if they are aware of an email advertising a specific service. When I was an IT major, I would frequently receive scam emails for tutoring services and internships that were allegedly verified by the IT department, but in many cases these turned out to be phishing attempts when I called the department for more information. If a phishing attempt appears to be coming from a business, you can use the Google Assistant or Siri to look up their contact information and verify if it is accurate.
I typically avoid calling a phone number that is listed in a suspected phishing email and prefer to find the actual phone number on my own. Some companies have dedicated lines for reporting phishing and scam attempts.
At my college, students can forward suspected scam, spam, and phishing emails to Information Technology Services, which will verify if an email is legitimate or not and post alerts online about scam emails that are sent to students. I’ve used this service multiple times and find it super helpful, including when I received emails that I didn’t think could possibly be real, like when I received a housing violation and when I was dropped from all of my classes.
Never send sensitive email addresses, login information, passwords, or credit card numbers over email, whether it’s with strangers or trusted individuals such as teachers, family members, or professionals. Even if I completely trust the sender, emails can be forwarded, copy/pasted, and shared with others without me knowing.
Very generic-sounding greetings or vague requests are common signs of phishing attempts. If I read an email addressed to “website owner” or “university student,” I’m not likely to take it seriously and will typically just delete it without verifying any information. It’s just not worth dealing with. Other things to watch for include improper grammar, incorrect uses of contractions, and weird-sounding email signatures.
Knowing how to create secure and easy-to-type passwords is a fantastic skill to protect against phishing attempts, because people who change their passwords frequently are less likely to get hacked. I have an entire post about creating secure passwords which is linked below.
Are you the victim of a phishing attempt? Here are my recommendations for what to do as soon as you find out:
Phishing attempts can be very frustrating and even terrifying, but by using these tips, people with vision impairments can further protect themselves against phishing attempts and know how to verify information when needed. The best advice I’ve received when it comes to phishing attempts is “if you think it’s a phishing attempt, you’re probably right!”
By Veronica Lewis/Veronica With Four Eyes, www.veroniiiica.com
Updated February 2024; original post published November 2019.