Why Phishing Attacks Are a Big Deal
by Serena Raymond on Apr 16, 2020 12:00:00 AM
Everyone using a computer has gotten a phishing email. While you might not be able to claim that you are a victim of a phishing attack, you’ve likely heard of the scam. If this is the first time you’re hearing about phishing attacks, in this blog post we’ll show you why they’re such a big deal.
What is phishing?
Hopefully this shouldn’t be a surprise, but the term “phishing” is a play on “fishing.” The whole idea of a phishing attack is to lure someone into handing over sensitive information. So in a sense, hackers are casting a line and waiting to see who gets hooked.
How do hackers do this?
They set up deceptive websites or send out an email to intentionally misguide someone into handing over their information.
This can take many forms, but there are a few major examples that I’ll share here.
1. The not-your-real-login login page
This is when a page looks like a login you use all the time, but in reality it’s a phishing scam. Duplicating Office 365 login pages is a common tactic that hackers use.
The key is looking at the URL of the page for anything fishy.
2. The donate-to-a-good-cause charity website
Unfortunately, hackers are very eager to take advantage of people’s desire to support good causes. They do this by setting up fake causes for you to care about and donate to. Most often, they utilize recent tragedies getting a lot of coverage in the news. Then, they’ll set up a page claiming that any funds you donate will go to help the cause you care about.
What these hackers really want are your login credentials.
3. The your-boss-needs-your-help email forward
This tactic seems to be most successful, and it’s one I’ve seen firsthand in my own inbox.
The email might come from someone you don’t know, but the body of the email will have a long email forward that includes a message from your boss expressing that they need money wired to them and it is urgent. The person will usually claim to be a friend or relative of your boss and supply you with a link so that you can wire possibly thousands of dollars to your boss.
An alternate version of this email omits the forward completely and is sent from an address that attempts to mimic your boss’ email address. This is done by either creating a Gmail account with your boss’ name in it, or even registering a domain that is similar to your company’s domain. So if I were to receive a message from “ken@dnsfltr.scam”, I might think it’s from our CEO at first glance.
Well, if “scam” is in the address, I hope I don’t fall for that one.
4. The there-is-a-problem-with-your-bank-account urgent email
Another favorite tactic of scammers. Everyone pays attention when it comes to their bank account being in jeopardy. So if you get an email claiming that you need to take action in the form of transferring money from your account, double-check that email.
These types of scams usually have “bank” in the sender address. But if it doesn’t match the name of your current bank, do not click anything in that email. Even if it does, call your bank first and talk to them.
A few commonalities you’ll find in a lot of phishing schemes are:
- Typos everywhere
- Strange spelling and grammar
- A sense of urgency (usually an undue sense of urgency)
- Links displayed are different from the actual links (you can confirm this by hovering your cursor over a link)
- Suspicious email senders
- Suspicious email attachments
- Emails don’t address you by name (“Sir/Madam” instead of “Serena”)
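Two of the checks above can be automated in a mail triage script. The following is an added example, not code from the original post: it flags a sender domain that resembles a trusted one (as with “ken@dnsfltr.scam”) and links whose visible text names a different host than the real target. The trusted domain, the function names and the sample message are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"dnsfilter.com"}  # assumption: the domain(s) your organisation really uses

def lookalike_sender(from_header, trusted=TRUSTED, min_ratio=0.8):
    # Return the sender's domain if it resembles, but does not equal, a trusted one.
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if "." not in domain or domain in trusted:
        return None
    label = domain.split(".")[-2]  # naive: ignores multi-part suffixes such as co.uk
    near = any(SequenceMatcher(None, label, t.split(".")[-2]).ratio() >= min_ratio
               for t in trusted)
    return domain if near else None

def host(text):
    # Hostname of a URL or bare domain; "" when the text is not host-like.
    h = urlparse(text if "://" in text else "//" + text).hostname or ""
    return h if "." in h and " " not in h else ""

class LinkAudit(HTMLParser):
    # Collects (visible text, href) pairs where the text names a different host.
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = "".join(self.text).strip()
            if host(shown) and host(self.href) and host(shown) != host(self.href):
                self.mismatches.append((shown, self.href))
            self.href = None

def link_mismatches(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.mismatches

# Constructed sample; the sender is the address quoted in the post, link hosts are reserved names.
SAMPLE_FROM = "Ken <ken@dnsfltr.scam>"
SAMPLE_HTML = ('<p><a href="http://mybank.example.phish.test/login">https://www.mybank.example/login</a>'
               ' or <a href="https://dnsfilter.com/help">get help</a></p>')
```

Links whose visible text is not a URL (“get help”) are skipped here, so this complements rather than replaces hovering over the link.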
Why is phishing such a popular method for hackers?
Phishing attacks are easy to deploy. If you’ve seen some of these emails, you probably understand that they’re low effort. Once they have the links where people can hand over bank account information or online logins, they can send blasts. A lot of their attempts get filtered through spam detectors, but enough get through those detectors that it’s worth their while.
It’s also worth noting that a single phishing attack can result in a huge payout. Barbara Corcoran fell for a scheme and paid over $400,000. Mattel nearly lost $3 million in 2015 to a phishing scam, but luckily, because of bad timing on the part of the hacker, they were able to recoup that money. Over a period of a few months, the European theater chain Pathé lost nearly $21 million because they were unknowingly wiring money to fraudsters.
Hackers can launch hyper-targeted campaigns, aiming to steal money from major companies using phishing attacks. Or, they can set up a more generic phishing scheme in an attempt to get smaller payouts from a wide range of people.
The big takeaway here is that there are a variety of phishing scams that hackers can deploy depending on how dedicated they are to the scam. And it’s proven time and again that these scams work.
Should I be concerned about phishing scams?
Honestly, everyone should be concerned about phishing scams. That doesn’t mean you should be afraid to open your email or click on links every time you open your computer. But it does mean that you should be careful online. Knowing that these phishing attacks are out there is the first step.
How can I stop phishing attacks?
Education is a huge factor in minimizing the number of people who fall for phishing scams. But part of the reason these scams work is that the hackers who deploy these attacks are clever. So educating your employees is step No. 1 in prevention. Tell them what to look for.
Another way you can prevent phishing attacks is by adopting a solution for DNS protection. This takes the responsibility of determining whether something is a threat out of the hands of your employee. If DNS protection software deems a site to be a phishing website, it will not allow you to view the page. If you’re sent a phishing email asking you to transfer money, it won’t open any links you click within the email.
To keep your staff from becoming another victim of phishing attacks, you need to put security in place to protect them.