As part of an extra credit unit on internet safety, I presented a lesson on how people with vision impairments, including blind and low vision individuals, can recognize phishing attempts. Phishing is defined as “the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication.” Phishing attempts have decreased over the years with the improvement of spam filters, but I still regularly encounter phishing attempts over email, texting, instant messaging, and social media posts. Here are my tips on how to recognize phishing attempts with low vision and how people can protect themselves against phishing attempts.
Examples of phishing attempts
Some examples of phishing attempts that have been sent to my college email address and blog email include:
- Someone posing as a university faculty member to get my student identification number
- Receiving a receipt for an order I didn’t place
- Getting sent a fake job application for a researcher position
- Receiving an email from a misspelled email address asking for my computer login
- Requests for guest posts that require accessing my email list
- My friend’s email getting hacked and the hacker sending a message to all of their contacts requesting money
- An email saying that I could log in to an account by emailing the sender my username and password
- Interview requests for well-known media outlets with false contact information
- Notifications for bank or PayPal accounts that require me to click links to log in or call a phone number that isn’t associated with them
Here is an example of a phishing email I received in 2023 that is for an order I didn’t place at a business I’ve never heard of. Apparently, I ordered an inflatable water slide!
Who is at risk for phishing attempts?
Anyone can become a victim of a phishing attempt, but people with vision loss may be at a higher risk due to the following factors:
- Email addresses sounding similar when read out loud by screen readers
- People assuming that they have to log in a specific way because they use assistive technology
- Opening attachments without thinking because they frequently receive attachments with accessible documents
- Using modified displays to read emails, which can mask things like odd text formatting or logo designs
- Limited technology skills in older populations
So how can users prevent and respond to phishing attempts? Here are my favorite tips:
First, do not get scared
One of my friends gave me permission to share the specific story of how they were a victim of a phishing attempt. They had gotten an email that said they were at risk of being terminated from our university since they did not have the correct student information on file. My friend panicked and sent back their student number, email, and password, because they were worried that it would affect their registration for classes. Their email account was shut down and it took several days to fix everything. If you get an email that says there is a serious consequence for not complying with a specific request, try and verify who sent it. In the meantime, do not do anything or send information.
Read the email address
Anyone can create an email address, and can use aliasing tools and other techniques to make an email address look like it came from a specific company. If I’m not sure if an email is genuine, I will magnify the text and read every single character of an email address when deciding if an email is legit. Then, I verify the email address by running a web search to ensure that the sender is who they say they are. One of my friends had their email hacked because they thought they were replying to an email address associated with their workplace, and it turned out that wasn’t the case.
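One way to automate the character-by-character check described above, as an added example that is not part of the original post: it spells an address out so a screen reader announces digits and symbols separately, and flags domains that nearly match a trusted one. The trusted list, the look-alike pairs, and all function names are assumptions for illustration.

```python
import unicodedata
# Assumptions: a personal trusted list and a constructed list of look-alike sequences.
TRUSTED_DOMAINS = ["example.edu", "paypal.com"]
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]
NAMES = {".": "dot", "-": "dash", "_": "underscore", "@": "at"}

def spell_out(address):
    """Name every character so digits and symbols cannot hide among letters."""
    words = []
    for ch in address:
        if not ch.isascii():
            words.append("non-ASCII " + unicodedata.name(ch, "character"))
        elif ch in NAMES:
            words.append(NAMES[ch])
        elif ch.isdigit():
            words.append("digit " + ch)
        elif ch.isupper():
            words.append("capital " + ch.lower())
        else:
            words.append(ch)
    return ", ".join(words)

def skeleton(domain):
    """Collapse look-alike sequences so 'paypa1' and 'paypal' compare equal."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(address):
    """Compare the sender's domain with the trusted list and report how it differs."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if not domain.isascii():
        return "suspicious: non-ASCII characters in domain"
    if domain in TRUSTED_DOMAINS:
        return "match: " + domain
    for trusted in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(trusted) or edit_distance(domain, trusted) <= 2:
            return "lookalike of " + trusted
    return "unknown domain"
```

A "match" result only means the displayed address is spelled correctly. Since an address can be made to look like it came from a specific company, checking with the sender through a trusted channel still applies.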
Call a trusted phone number
If I don’t recognize an email from my university, I call the associated department and ask if they sent an email to me, or if they are aware of an email advertising a specific service. When I was an IT major, I would frequently receive scam emails for tutoring services and internships that were allegedly verified by the IT department, but in many cases these turned out to be phishing attempts when I called the department for more information. If a phishing attempt appears to be coming from a business, you can use the Google Assistant or Siri to look up their contact information and verify if it is accurate.
I typically avoid calling a phone number that is listed in a suspected phishing email and prefer to find the actual phone number on my own. Some companies have dedicated lines for reporting phishing and scam attempts.
- Why I Use Accessibility Support Phone Numbers
- How I Use Google Assistant While Traveling
- Ten iOS Shortcuts For Visual Impairment
Contact the information desk
At my college, students can forward suspected scam, spam, and phishing emails to Information Technology Services, which will verify if an email is legitimate or not and post alerts online about scam emails that are sent to students. I’ve used this service multiple times and find it super helpful, including when I received emails that I didn’t think could possibly be real, like when I received a housing violation and when I was dropped from all of my classes.
Don’t send anything
Never send sensitive email addresses, login information, passwords, or credit card numbers over email, whether it’s with strangers or trusted individuals such as teachers, family members, or professionals. Even if I completely trust the sender, emails can be forwarded, copy/pasted, and shared with others without me knowing.
Pay attention to the language
Very generic sounding greetings or vague requests are common signs of phishing attempts. If I read an email addressed to “website owner” or “university student,” I’m not likely to take it seriously and will typically just delete it without verifying any information. It’s just not worth dealing with. Other examples of things to watch for include improper grammar, incorrect uses of contractions, weird sounding email signatures, and similar.
Learn how to create secure passwords
Knowing how to create secure and easy-to-type passwords is a fantastic skill to protect against phishing attempts, because people who change their passwords frequently are less likely to get hacked. I have an entire post about creating secure passwords which is linked below.
- How To Create Secure And Easy To Remember Passwords
- Ten Information Technology Skills Every College Student Needs
If you are the victim of a phishing attempt
Are you the victim of a phishing attempt? Here are my recommendations for what to do as soon as you find out:
- Change your passwords across all accounts immediately, starting with your email password since that can give people access to any of your accounts
- Call the credit card company and suspend your account, and watch for any weird charges
- If it is a school or work email address, contact the information technology desk or similar office
- Check your most-used accounts and make sure you can still access them
Phishing attempts can be very frustrating and even terrifying, but by using these tips, people with vision impairments can further protect themselves against phishing attempts and know how to verify information when needed. The best advice I’ve received when it comes to phishing attempts is “if you think it’s a phishing attempt, you’re probably right!”