How To Recognize Phishing
Scammers employ email or text messages to attempt to obtain your passwords, account numbers, or Social Security numbers. If they acquire this information, they could gain access to your email, bank, or other accounts. Alternatively, they might sell your information to other scammers. Scammers launch thousands of phishing attacks like these daily, and they are often successful.
Scammers frequently adapt their tactics to stay current with the latest news or trends. However, some tactics are common to many phishing emails and text messages.
Phishing emails and text messages often employ storytelling techniques to deceive you into clicking on a link or opening an attachment. You may receive unexpected emails or text messages that appear to be from reputable companies such as banks, credit card companies, utility companies, or online payment websites or apps. These messages could be crafted by scammers who aim to trick you into providing sensitive information. They might:
- say they’ve noticed some suspicious activity or log-in attempts — they haven’t
- claim there’s a problem with your account or your payment information — there isn’t
- say you need to confirm some personal or financial information — you don’t
- include an invoice you don’t recognize — it’s fake
- want you to click on a link to make a payment — but the link has malware
- say you’re eligible to register for a government refund — it’s a scam
- offer a coupon for free stuff — it’s not real
Here’s a real-world example of a phishing email:
Imagine you receive this email in your inbox. At first glance, it appears legitimate, but it’s not. Scammers send emails like this one with the intention of deceiving you and avoiding detection.
Here are signs that this email is a scam, even though it appears to be from a company you know and even uses the company’s logo in the header:
- The email has a generic greeting.
- The email says your account is on hold because of a billing problem.
- The email invites you to click on a link to update your payment details.
While real companies may communicate with you via email, legitimate companies will not send emails or text messages containing links to update your payment information. Phishing emails can have serious repercussions for individuals who provide scammers with their personal information, including identity theft. Additionally, these emails can damage the reputation of the companies they are impersonating.
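The three signs listed above can also be checked mechanically, for instance in a mail-triage script. This is an added example, not part of the original page; the sample message, the keyword patterns and the names `phishing_signs` and `_Body` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample message (not the email shown on the original page).
SAMPLE = """\
From: "Example Streaming" <billing@example.test>
Content-Type: text/html; charset="utf-8"

<p>Hi Dear,</p>
<p>Your account is on hold because of a problem with your billing information.</p>
<p><a href="http://payments.example.test/update">Update your payment details</a></p>
"""

# Illustrative patterns for the three signs; the word lists are assumptions.
GREETING = re.compile(r"\b(hi|hello|dear)\s+(dear|customer|user|member|client)\b", re.I)
HOLD = re.compile(r"\b(on hold|suspended|locked)\b.{0,80}\b(billing|payment)\b", re.I)
PAY_LINK = re.compile(r"\b(update|confirm|verify)\b.{0,40}\b(payment|billing|card)\b", re.I | re.S)

class _Body(HTMLParser):
    """Collect visible text and the visible text of each <a href> link."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._in_link = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self._in_link = True
            self.links.append("")
    def handle_endtag(self, tag):
        self._in_link = self._in_link and tag != "a"
    def handle_data(self, data):
        self.text.append(data)
        if self._in_link:
            self.links[-1] += data

def phishing_signs(raw):
    """Return which of the three signs listed above appear in a raw email."""
    body = message_from_string(raw, policy=default).get_body(("html", "plain"))
    page = _Body()
    page.feed(body.get_content() if body is not None else "")
    page.close()  # flush any text the parser is still buffering
    text = " ".join(" ".join(page.text).split())
    checks = [
        ("generic greeting", GREETING.search(text[:200])),
        ("account on hold / billing problem", HOLD.search(text)),
        ("link to update payment details", any(map(PAY_LINK.search, page.links))),
    ]
    return [name for name, hit in checks if hit]
```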
How To Protect Yourself From Phishing Attacks
Your email spam filters may effectively block many phishing emails from reaching your inbox. However, scammers are constantly devising ways to bypass these filters. Therefore, implementing additional layers of protection can significantly enhance your security. Here are four effective methods to safeguard yourself from phishing attacks.
Four Ways To Protect Yourself From Phishing
1. Protect your computer by using security software. Set the software to update automatically so it will deal with any new security threats.
2. Protect your cell phone by setting software to update automatically. These updates could give you critical protection against security threats.
3. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The extra credentials you need to log in to your account fall into three categories:
- something you know — like a passcode, a PIN, or the answer to a security question
- something you have — like a one-time verification passcode you get by text, email, or from an authenticator app; or a security key
- something you are — like a scan of your fingerprint, your retina, or your face
Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
4. Protect your data by backing it up. Back up the data on your computer to an external hard drive or in the cloud. Back up the data on your phone, too.
What To Do if You Suspect a Phishing Attack
If you get an email or a text message that asks you to click on a link or open an attachment, answer this question:
Do I have an account with the company or know the person who contacted me?
If the answer is “No,” it could be a phishing scam. Go back and review the advice in “How To Recognize Phishing” and look for signs of a phishing scam. If you see them, report the message and then delete it.
If the answer is “Yes,” contact the company using a phone number or website you know is real — not the information in the email. Attachments and links might install harmful malware.
What To Do if You Responded to a Phishing Email
If you suspect that a scammer has obtained your personal information, such as your Social Security number, credit card, or bank account number, visit IdentityTheft.gov. There, you’ll find detailed instructions on the specific steps to take based on the information that has been compromised.
If you suspect that you clicked on a link or opened an attachment that downloaded harmful software, immediately update your computer’s security software. Afterward, run a scan and remove any identified issues.
How To Report Phishing
If you got a phishing email or text message, report it. The information you give helps fight scammers.
- If you got a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org.
- If you got a phishing text message, forward it to SPAM (7726).
- Report the phishing attempt to the FTC at ReportFraud.ftc.gov.