Written by: Jim Stickley and Tina Davis

Phishing isn’t new, but it’s evolving faster than ever, and if you’re not paying attention, you could be the next victim. These scams trick you into handing over personal information—logins, financial details, or even access to your entire business network by impersonating trusted sources. Whether through email, text, or cleverly crafted websites, cybercriminals are always one step ahead, looking for new ways to exploit unsuspecting users.

Why Should You Care?

Phishing is one of the most dangerous cyber threats today because it preys on human nature. And it’s getting worse now that AI has fully entered the picture. We’re busy, we trust what looks familiar, and let’s face it, most of us don’t scrutinize every email or text message we receive. But one wrong click can lead to a whole host of problems:

Financial Trouble – Your financial account drained or unauthorized charges racking up on your payment card.

Identity Theft – Once hackers have your personal info, they can wreak havoc on your credit, file fraudulent tax returns, or even impersonate you.

Malware Infections – Some phishing attempts install ransomware or keyloggers, locking you out of your own system or tracking everything you type.

Business Compromise – Companies lose millions due to phishing, and reputations get destroyed when customer data is stolen.

Real-World Phishing Scams Happening Right Now

These aren’t just hypothetical threats, here’s what’s happening in the wild:

1. Gmail Phishing Scams on the Rise

If you have a Gmail account (and 1.8 billion people do), you’re a target. Attackers are mimicking Google sign-in pages so well that even seasoned tech users are falling for it. Even worse, they’ve found ways to bypass two-factor authentication, so once they’ve got you, they’ve really got you. Google has been in the news a lot lately for various data breaches and other security issues.

2. AI is Making Phishing Smarter

Cybercriminals are using AI to create incredibly convincing phishing messages. Fake voice recordings, video messages, and AI-generated emails are fooling even the most cautious users. If you think phishing emails are easy to spot, think again. And not only are they difficult to see, but now that they’re using voice phishing (vishing), they’re getting more difficult to hear.

3. The Google Calendar Trap

Hackers are now exploiting Google Calendar and other Google apps to sneak phishing links past spam filters. You might think an invite or a shared doc is safe—until it leads to a page designed to steal your login details.

4. Russian Hackers Target Signal Users

Encrypted messaging app Signal has been hit by phishing attacks using fake QR codes. The goal? Link victims’ accounts to attacker-controlled devices, giving hackers full access to private messages. Signal has rolled out new security features in response, but the threat is still out there. Don’t expect this to be limited to only Signal. Other messaging apps are vulnerable too.

How to Protect Yourself

• Think before you click. If an email, text, or link seems off, double-check it before taking action.
• Enable multi-factor authentication. This could be a one-time SMS code, but for more security, use an authenticator app, hardware authentication tool, or passkey.
• Verify requests for sensitive information by making a phone call or by visiting the official website directly.
• Stay informed. Cybercriminals are constantly changing tactics, and staying ahead means staying educated.

Phishing isn’t going away—it’s just getting smarter. The more you know, the safer you’ll be. Don’t wait until it happens to you—take action now.

The views, opinions, and ideas expressed in this blog do not constitute legal or financial advice. The writers of these blogs are educated on the topics they are writing about, but they are not attorneys, licensed financial advisors, or registered investment advisors. The information presented in this blog post was deemed to be accurate at the time of publication. First Heritage Federal Credit Union is not responsible for any actions a person may take as a result of the information they read in this blog.