Watch out Dunedin: Signs of a Phishing Attack
Published on February 04, 2026
Written by Dr. Clinton Daniel, University of South Florida, Muma College of Business
It’s a beautiful Florida day and the ocean breeze is blowing through the palms of Dunedin. A local bar owner walks into his business and his cell phone pings with the sound of a new email. Across town, a local restaurant owner walks into her kitchen to prepare the menu for the day and suddenly her cell phone chirps with a new text message from an unknown number. While this day may have started out beautiful and full of the colors Dunedin has to offer its citizens, a sign of darkness may be on the horizon for these two business owners.
What is Phishing?
You may or may not have heard of the cyberattack term Phishing. What is it? Why do the citizens and businesses of Dunedin need to know about it? Well, it starts with understanding that today there are so many technologies in our lives that are meant to make tasks easier, more efficient, and accessible. But, like many other things, what can be used for good can sometimes be leveraged as a tool to cause harm.
Phishing is a sophisticated cyberattack where criminals or other threat actors attempt to deceptively communicate with a person to acquire sensitive information. Sensitive information could include things such as credit card numbers, passwords, or bank account numbers.Malicious threat actors may use the sensitive information to conduct criminal activities such as identify theft, financial loss, data breaches, or other digital crimes.
In simple terms – Phishing is when someone is trying to trick you into giving them sensitive information. Just like when a fisherman uses bait to catch a fish off the shores of Dunedin, a malicious person can use technology to phish for your information.
What is Social Engineering?
When someone attempts to phish for your information, they can use a technique called social engineering. They do this by applying manipulative tactics that can exploit urgency, authority, and trust. Tactics may include sending deceptive text messages or emails. Social engineers master the ability to manipulate people by exploiting our human psychology and typical behavioral patterns.
For instance, to exploit urgency, an attacker may use language that leads you to believe that there may be negative consequences if you do not do something immediately such as paying a fee or updating sensitive information. We are only human to initially react with a sense of urgency that we need to do this right now because we don’t want to risk the consequences of inaction.
The citizens and businesses of Dunedin rely on the authority of City officials and the services they support. A social engineer may conduct a phishing campaign designed to trick local businesses into thinking that an official request for information is coming from a City of Dunedin service. The text message or email has an official logo and uses the language we often hear from our public officials. At first glance, it is easy to trust the message and immediatelyconsidercomplying with its demands. Should we act now or should we look at the message a little closer before we take action?
What are some of the signs?
The signs of a phishing attack are not always obvious and sometimes require us to pause and investigate a message before taking any action on a request for information. Whether it’s an email, text message, social media message, phone call, or some to other messaging app on our smart phones there should be a minimal examination to determine who it is from.
Smart phones and cellular carriers have improved their ability to identifyand manage unwanted spam calls or messages so that we can immediately block them. But sometimes text or app messagescan be tougher to interrogate. For instance, messages can come from automated systems with short codes (4, 5, or 6 digits) or unfamiliar phone numbers for all kinds of reasons. These messages can be used to impersonate banks, government agencies, or retailers and often include links to click on or numbers to call. You should immediately pause before acting on any unfamiliar phone number.
Email messages can come with many signs of a phishing attack. Just as you should do with any messaging app, you should always examine who the email is FROM first. While you can easily evaluate a full or short code phone number in a text message, you must break apart an email address to examine its sender.
The FROM (sender) email address is broken down into two basic parts and separated by the @ symbol. Do not click on the email message and do not trust the display name. Instead, you may have to hover over or click the sender’s name to reveal the actual email address. You should always look to the right of the @ symbol first to identify the organization the sender is from. This is called the domain. Look closely for misspellings or unfamiliar organizational domains.
For instance, consider a message which may typically come from an expected legitimate email address: [clinton.daniel@dunedin.gov]. Instead of the legitimate email address, an attacker could disguise it as [clinton.daniel@dunedin-gov.org] or use a free email provider, such asgmail, to create [clinton.daniel_dunedin_gov@gmail.com]. The email may include the legitimate logo and urgent request language typically used by the City of Dunedin. But you may miss that the organizational domain name [dunedin-gov.org] is not legitimate or thefree gmail address is not a real government account. This is a perfect opportunity for a criminal to phish you for information.
What can we do to prevent this?
If you are not immediately familiar with the source sending you any type of message, do not reply, click on links, or call any phone number listed in the message. Instead, if you have a need to contact the source, research the phone number from a legitimate source (such as the organization’s website) and call them to verify whether the message is a scam or legitimate.
The value of a community is communication. Reach out to your family, friends, neighbors, and others you care about and share your experiences. Tell them what you learned from the failed or successful attempt to phish you or someone you know for information. All of us are vulnerable to phishing attacks and it takes a community effort to protect the citizens of Dunedin.