Phishing is by no means a new threat to consumers and businesses. Yet, it continues to claim more and more victims every year. In fact, phishing was the most common type of Internet crime reported to the FBI in 2021, according to the agency’s Internet Crime Report.
Chances are, you’ve been targeted by a phishing attack. You might not have realized it, though, because phishing can be hard to spot if you’re not familiar with scammers’ tactics. To avoid becoming a victim, here’s what you need to know about this threat to your security.
What is phishing?
Phishing is a term used to describe emails, text messages and other types of communication sent by scammers to trick people into revealing personal information.
Phishing emails and text messages typically appear to come from legitimate organizations and prompt recipients to click on a link within the message. Those links either connect to fake websites or contain malware that can infect computers. The goal is to get victims’ account numbers, login credentials, Social Security numbers or other sensitive information to access their accounts or steal their identities.
[ Read: How Seniors Can Protect Their Credit and Identity ]
How to recognize phishing
Phishing scams tend to have telltale signs. If you can recognize the red flags, you can avoid becoming a victim. According to the Federal Trade Commission, Microsoft and antivirus and security software company Norton, you should be on the lookout for the following:
- The sender appears to be an organization or company you know. Phishing emails and text messages usually look like they come from a legitimate organization such as a bank, credit card company, government agency, retailer, online payment service or social media website. They might even include a company or agency logo within the body of the email.
- The message contains an urgent call to action. Scammers aim to trick you into providing personal information by claiming that there is a problem with your account, that you need to confirm your account information, that you need to make a payment to avoid fees or that you need to take some sort of action to avoid a negative consequence. Messages might also claim that you have won a prize or are entitled to a refund or some sort of payment and that you need to take action to claim it.
- The greeting is generic. If you get a message supposedly from a company you have an account with addressing you as “Dear sir or madam,” account holder or user, it’s likely a scam. Companies where you have accounts or have done business with should have your name on file, and it’s easy for them to personalize emails.
- The message contains spelling errors or bad grammar. Legitimate organizations typically take the time to ensure that emails they send are written correctly. So messages with misspelled words and grammatical errors are a tip-off that they might have been written by scammers—who even can be in foreign countries and don’t speak English as a first language.
- The email domain is mismatched. Check the email address of the sender to make sure it’s coming from a legitimate organization. For example, an email from your bank shouldn’t be sent from another domain such as gmail.com or hotmail.com. The email address should correspond with the company’s web address. Even if it appears to come from a legitimate company’s domain, check the spelling of the company name in the email address for mistakes such as letters replaced by numbers (Micros0ft with a zero, for example).
- There are links or attachments in the message. Phishing emails and text messages will prompt you to click on a link or open an attachment to respond to whatever issue to which they are alerting you. Links can take you to fraudulent websites that will capture any personal or account information you enter. Often, you can spot that links are fake by hovering over them with your mouse to see the web address. Attachments can have malware that can spy on your computer activity.
Common phishing scams
Although scammers are constantly implementing new approaches and impersonating different companies, here are several common phishing scams.
Account deactivation: Scammers send emails and text messages notifying you that your account will be deactivated unless you confirm account details.
Tech support: Scammers impersonate technology companies, claim that there is an issue with your computer or software that needs to be fixed and ask for payment to fix the problem.
Customer support: Scammers send messages for a variety of customer support issues such as fraudulent transactions, compromised accounts and suspicious login attempts. A recent scam involves text messages supposedly from banks claiming that transactions have been made from customers’ accounts using payment transfer services such as Zelle.
Charge for an item you didn’t buy: Scammers try to con people into handing over their credit card information by sending them emails about purchases they didn’t make (often iPhones) and telling them they need to act quickly to reverse the charge if they didn’t make the purchase.
Prize offers: Watch out for emails or text messages with offers of prizes, freebies or even government payments or refunds that you can claim by providing personal or account information.
Fund transfer request: Scammers might pose as your boss in an email or text message and ask to wire funds or purchase gift cards for clients or pose as a friend in need of money. Always double check before sending money by calling the person who supposedly is messaging you.
[ Find Out: Beware of Scams Targeting Your Bank Account ]
How to protect yourself from phishing
Keeping your computer safe by installing and updating antivirus software and turning on automatic software updates for your mobile device can provide protection against security threats. It’s also smart to use multi-factor authentication for your accounts to make it harder for hackers to access them if your login credentials fall into the wrong hands.
However, the best defense against phishing is a good offense. Take these steps to guard against scammers who want to trick you into providing your personal information.
- Don’t open suspicious emails or text messages from organizations you don’t have accounts with or haven’t done business with and from people you don’t know.
- Don’t click on links in emails or text messages unless you know where the links will go and are certain the email is from a trusted source. If you are unsure, search online for the website or phone number of the company that supposedly sent the message and contact it directly to find out if it was trying to reach you.
- Don’t provide personal or account information in response to an email or text message. Financial institutions and government agencies won’t contact you in this way and ask for details such as your account numbers, passwords or Social Security number.
- Use spam filters for your email accounts to block suspicious emails. However, be aware that phishing emails still can get through filters, so always be alert to red flags.
- Don’t click on pop-up ads when visiting websites. These ads and alerts can pop up even on legitimate sites and can install malware on your computer if you click on them.
- Don’t reuse passwords for multiple accounts. If you do and scammers get your login credentials through a phishing attack, they’ll be able to access all of your accounts.
What to do if you become a victim
The Federal Trade Commission recommends updating your computer’s antivirus software and running a scan to detect malware if you open an attachment in a phishing email. If you provide any personal information or make a payment in response to a phishing message, you’ll need to take several additional steps.
The FTC’s IdentityTheft.gov website provides a list of steps to take depending on what information was stolen. You likely will need to change password for or close accounts that have been compromised, check your credit reports for accounts or charges you don’t recognize and place a security freeze on your credit reports to prevent new accounts from being opened in your name.
You can report phishing emails by forwarding them to the Anti-Phishing Working Group at email@example.com, and you can forward phishing text messages to SPAM (7726). If you become a victim of identity theft as a result of a phishing attack, report it to your local law enforcement.
[ Keep Reading: How Your Risk of Financial Exploitation Increases as You Age ]