Don’t Get Hooked by a Phishing Attack

The FBI 2024 internet crime report has truly shocking numbers. Internet crime losses are up 33% from 2023 and now exceed $16 billion.¹ The group most at risk? Seniors over the age of 65. The most common attack? Phishing.^1a

Phishing is the cyberattack fraudsters use to deceive you into revealing sensitive information so they can steal from you. Usernames, passwords, birth dates, and Social Security numbers are all targets for these attacks.

How do phishing attacks work?

They start by dangling the bait in front of you. You receive a text or email from what looks like a legitimate sender that contains phrases such as:

“Your account will be suspended”

“Free download”

“You have won”

“Suspicious activity in your account”

Then you are instructed to click on the link within the message. When you do, you are taken to a page that looks very much like one you are used to seeing and may even have the authentic logo of a legitimate business. You are then prompted to enter your personal information, which they will use against you.

One common scheme is a fake message from your bank stating there is unusual activity in your account and asking you to log in and verify. The email looks legitimate. If you click on the hyperlink in the email, the landing page resembles your bank’s website, including what appears to be your bank’s logo. Unfortunately, this is a scam—once you enter your email and password, they have stolen your banking information.

The biggest reason that these crimes work is human nature. These attacks play to our emotions and look legitimate. Verizon reports that in 60% of these attacks it is the human element that allows them to work.²

 How can you prevent a phishing attack? Here are a few tips:

• Never click on links in unsolicited emails or text messages.
• Don’t be rushed into acting by phrases such as:
  • “Urgent”
  • “Last change”
  • “Time is running out”
• Never open attachments unless you are expecting them.
• Don’t call unfamiliar numbers left in text messages, suspicious emails, or unsolicited voicemails.
  

• Contact the actual company immediately via their phone number, not the number in the message.
• Disconnect from the internet, especially if you have clicked a fake link.
• Change all your passwords. Don’t use the same password multiple times. A password keeper is your friend.
• Report the scam to authorities.

Typically, you are not covered under your Homeowners Insurance Policy for cybercrimes. There can be large financial consequences if you are a victim. Ask your insurance provider what cyber insurance coverage may be right for you. They can help you evaluate the trade-offs between costs and coverage.

Remember that if someone is dangling an attractive morsel in front of you, don’t click on it, or you might get hooked into a phishing attack!

Sources:

1. 81 Phishing Attack Statistics 2025: The Ultimate Insight

2. 2021_IC3Report.pdf

3.  2025 Data Breach Investigations Report | Verizon

Disclosures:

Apella Capital, LLC (“Apella”), DBA Apella Wealth is an investment advisory firm registered with the Securities and Exchange Commission. The firm only transacts business in states where it is properly registered or excluded or exempt from registration requirements. Registration of an investment adviser does not imply any specific level of skill or training and does not constitute an endorsement of the firm by the Commission. Apella Wealth provides this communication as a matter of general information. Any data or statistics quoted are from sources believed to be reliable but cannot be guaranteed or warranted.