When Phishing Isn’t Fun
March 30, 2021
Do you ever receive email, text messages, or phone calls that look like they’re from a reputable company requesting personal information? You may be the target of scammers who use tricky methods in attempting to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks every day—and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.
Recognize Phishing Messages
The following signs from the Federal Trade Commission (FTC) will help you recognize a phishing email, text message, or phone call:
- Phishing emails, text messages, or phone calls may look like they’re from a company you know or trust. They may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, or an online store.
- Phishing emails, text messages or phone calls often tell a story to trick you into clicking on a link, opening an attachment, or providing personal information. They may say they’ve noticed some suspicious activity or log-in attempts, claim there’s a problem with your account or your payment information, say you must confirm some personal information, include a fake invoice, want you to click on a link to make a payment, say you’re eligible to register for a government refund, or offer a coupon for free merchandise.
Know the Most Common Forms of Phishing
- Emails, text messages, or phone calls claiming to be from a legitimate retailer, shipper, bank, organization or government agency.
- Requests for charitable donations. (The FTC has a helpful Charity Checklist to review before you submit online donations.)
- IRS and tax-related emails, text messages, or phone calls.
- Requests to verify health insurance identification numbers and account sign-in information.
Protect Yourself from Phishing Attacks
Your email spam filters may keep many phishing emails out of your inbox. But scammers are always trying to outsmart spam filters, so it’s a good idea to add extra layers of protection. Here are some steps you can take to protect yourself from phishing attacks.
- Protect your computer by using security software.
- Protect your mobile phone by setting software to update automatically.
- Protect your accounts by using multi-factor authentication.
- Protect your data by backing it up.
- Check the email address of the sender. Make sure the address displayed when you roll your cursor over the email address matches the address displayed. Most legitimate businesses have a simple, standardized email domain, so an email from a bank might come from email@example.com, whereas a scammer’s address is less likely to follow this standard.
- Check for forged links. Even if a link contains a name you recognize, it doesn’t mean it links to the real organization. Roll your cursor over the link and see if it matches what appears in the email. If it doesn’t, do not click on the link.
- Don’t trust logos and corporate colors. Just because an email contains company logos and corporate colors doesn’t mean it’s a legitimate email.
- Beware of attachments. Don’t click on an email attachment unless you know the sender.
- Don’t proceed if you don’t see “https.” Secure websites for personal information begin with “https”—the “s” stands for secure.
- Requests for your personal information are warning signs.
- If it sounds too good to be true, it probably is.
Act if You Suspect a Phishing Attack
If you get an email, a text message, or a phone call that asks you to click on a link, open an attachment, or answer personal questions, ask yourself: “Do I have an account with the company or know the person who contacted me?” If the answer is “No,” it could be a phishing scam and you should report the message to the FTC and then delete it. If the answer is “Yes,” contact the company using a phone number or website you know is real, not the information in the email. Opening attachments and links can install harmful malware.
Forward phishing emails to the FTC at. firstname.lastname@example.org– or to Anti-Phishing Working Group at email@example.com. This nonprofit organization includes internet service providers, security vendors, financial institutions and law enforcement agencies. Your report is most effective when you include the full email header, but most email programs hide this information. You also can report the phishing attack online to the FTC at ftc.gov/complaint. You should also forward phishing emails you receive to the organization impersonated in the email.
Recover if You Respond to a Phishing Request
If you think a scammer has your information, like your Social Security, credit card, or bank account number, go to IdentityTheft.gov on the FTC website. There you’ll see the specific steps to take based on the information that you lost.
If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software. Then run a scan.
Don’t rely on caller ID or the incoming phone number listed to authenticate a caller’s identity. Scammers can use “spoofing,” where a caller causes a fake phone number to appear. This allows scammers to make it look like they’re calling from a legitimate business in an effort to steal your personal, financial, or health information.
Telephone scams are often carried out by individuals claiming to be from a trusted source, such as your insurance company or a government agency.
Email and internet scams are increasingly common and may target your personal or financial information or seek to compromise your devices.
Be suspicious of all emails, text messages, and phone calls you receive from unknown (and even some supposedly known) sources. Although you may want to delete and forget about any phishing activity that compromises your personal and financial information, you can keep a record of any security software purchases, lists of your passwords and corresponding online sites, and any reports about phishing activities you submit to authorities at insureyouknow.org.