What is Phishing?
Phishing is a type of cyber attack where criminals send fraudulent emails or texts, or create copycat websites to get you to share personal information like passwords, account numbers, or credit card details.
The messages often look like they’re from a company you know or trust like a bank, credit card company, social media site, or online payment website. They may threaten to close your account or charge you a fee if you don’t update your information.
Phishing relies on tricking you into clicking on a link or opening an attachment to launch malware, direct you to a fake website, or steal your login credentials.
How Phishers Try to Fool You
Phishers use a variety of tricks to make their messages look authentic:
- Spoofing – They spoof the sender address so messages appear to come from a legitimate organization.
- Branding – They use logos and formatting that mimic the real company.
- Creating urgency – Phishing emails often threaten account closure or other negative consequences if you don’t act quickly.
- Directing to fake sites – Links and attachments take you to convincing but fraudulent websites and forms.
- Asking for sensitive info – Phony sites request personal data like credit card and Social Security numbers.
Examples of Phishing Attacks
Some common phishing scams include:
Emails claiming to be from banks, PayPal, etc.
These ask you to verify account information. They may threaten account suspension if you don’t act quickly. Links go to fake sites that steal login credentials or launch malware.
Customer support messages
These claim you must update account settings, verify a purchase, review a declined transaction, or resolve another issue urgently. They aim to steal personal and payment details.
Security alerts about hacked or frozen accounts
These emails ask you to log in to your account immediately to avoid being hacked or locked out. But the login links send your credentials to the scammers.
Password reset requests
These instruct you to use the provided link to change your password for security reasons. The link leads to a fake page that steals your login credentials when you enter them.
Shipping notifications with tracking links
These include fake tracking links that install malware or lead to phishing sites requesting personal information to ship your item.
How to Spot Phishing Scams
Here are some red flags to help identify and avoid phishing attacks:
- Urgent requests for personal data or threats of account closure
- Suspicious sender address or links – hovering over a link can reveal a different URL from the one shown
- Spelling and grammatical errors
- Requests for sensitive information like passwords or Social Security numbers
- Generic greetings like “Dear user” instead of your name
- Unusual requests from known contacts like wire transfer requests
Use caution with any unsolicited message and verify legitimacy before clicking on links, attachments, or submitting information.
Protecting Yourself from Phishing
Here are some tips to avoid falling victim to phishing scams:
- Enable two-factor authentication (2FA) on accounts when possible – this requires secondary confirmation of your identity when logging in from new devices.
- Check for padlocks and “https” in websites you visit – the “s” indicates encryption is protecting your information.
- Don’t click on links or attachments in unsolicited emails – type known website URLs directly into your browser.
- Use antivirus software and keep apps/systems up-to-date to avoid malware.
- Be suspicious of requests for personal data – legitimate companies won’t ask for sensitive info over email.
- Hover over links to check their actual destination before clicking. The link text and URL may differ.
- Don’t reply to suspicious emails – delete them so scammers don’t learn they’ve reached an active address.
- Use secure, unique passwords for each account – password reuse allows scammers wider access.
- Set up alerts on financial accounts to detect unauthorized access immediately.
What to Do If You Get Phished
If you suspect you entered information on a phishing site or opened a suspicious attachment, take these steps immediately:
- Reset account passwords – use a secure device to change passwords on any compromised accounts.
- Contact institutions to verify legitimacy of suspicious emails/calls before providing info.
- Scan devices for malware – run antivirus software to check for and remove malware.
- Place fraud alerts and monitor credit reports for signs of identity theft.
- Report phishing scams to organizations impersonated and the FTC to help warn others.
Staying vigilant against phishing protects your personal and financial data. Confirm legitimacy before acting on requests, use strong unique passwords, enable two-factor authentication, and watch for urgent appeals, spelling/grammar issues, and other red flags. Report scams to help identify emerging threats and shut them down faster.