Phishing is a deceptive online tactic where attackers pose as trustworthy entities to trick individuals into revealing sensitive information, such as usernames, passwords, or financial details. 

How to Recognize Phishing

  • Scammers use email or text messages to try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could get access to your email, bank, or other accounts. Or they could sell your information to other scammers. Scammers launch thousands of phishing attacks like these every day — and they’re often successful.

  • Scammers often update their tactics to keep up with the latest news or trends. Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. You might get an unexpected email or text message that looks like it’s from a company you know or trust, like a bank, a credit card company, or a utility company. It could also look like it’s from an online payment website or app.

  • How to Spot an Email Scam

    Here are signs that an email is a scam, even if it looks like it comes from a company you know — and even uses the company’s logo in the header:

    • The email has a generic greeting.

    • The email says your account is on hold because of a billing problem.

    • The email invites you to click on a link to update your payment details.

  • While real companies might communicate with you by email, legitimate companies won’t email or text with a link to update your payment information. Phishing emails can often have real consequences for people who give scammers their information, including identity theft. And they might harm the reputation of the companies they’re spoofing.

How to Protect Yourself from Phishing Attacks

  • Set your software to update automatically so it can deal with any new security threats. These updates could give you critical protection against security threats.

  • Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The extra credentials you need to log in to your account fall into three categories:

    • something you know — like a passcode, a PIN, or the answer to a security question.

    • something you have — like a one-time verification passcode you get by text, email, or from an authenticator app; or a security key

    • something you are — like a scan of your fingerprint, your retina, or your face

    Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.

  • Back up the data on your computer to an external hard drive or in the cloud. Back up the data on your phone, too.

How to Report Phishing

  • If you got a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org.

  • If you got a phishing text message, forward it to SPAM (7726).

  • Report the phishing attempt to the FTC at ReportFraud.ftc.gov.

  • With the high potential cost of a ransomware infection, prevention is the best ransomware mitigation strategy. You can achieve this by reducing the ways you can be attacked, addressing:

    • Phishing Messages

    • Unpatched Vulnerabilities

    • Remote Access Solutions

    • Mobile Malware

To protect yourself from phishing, be cautious of unexpected emails or messages requesting personal information. Check sender email addresses for legitimacy and avoid clicking on suspicious links. Ensure websites use “https://” for secure connections, but remember that HTTPS only encrypts the connection and does not prove a site is legitimate. Keep your software and antivirus up to date and consider using two-factor authentication for added security. Awareness and skepticism are key in avoiding phishing attempts.

Stay vigilant against phishing by staying informed about common techniques. Double-check email sender addresses to verify legitimacy and refrain from clicking on links or downloading attachments from unfamiliar sources. Enhance security with 2FA whenever possible. Keep software updated, steer clear of pop-up links, and preview URLs by hovering over them with your mouse. Employ trustworthy antivirus and anti-malware software to detect and block phishing threats. Always take a moment to verify the legitimacy of requests that create a sense of urgency, helping you avoid falling victim to phishing attempts.
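
The checks described above (the three signs under "How to Spot an Email Scam", plus verifying the sender address and previewing where a link really goes) can be automated roughly as follows. This is an added example, not part of the original page: the regex wordings, the `expected_domain` parameter and the sample message are assumptions constructed for illustration, and only a single-part HTML message is handled.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at every <a>, so only link text is kept
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # lower-cased hostname of a URL-like string, "" if none
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_signs(raw, expected_domain):
    """Heuristic warning signs in a raw message (matched wording is assumed)."""
    msg = message_from_string(raw)
    body, signs = msg.get_payload(), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender != expected_domain and not sender.endswith("." + expected_domain):
        signs.append("sender-domain")      # From: is outside the company's domain
    if re.search(r"\bdear (customer|user|member)\b", body, re.I):
        signs.append("generic-greeting")
    if re.search(r"account\b.{0,60}\b(on hold|suspended)", body, re.I | re.S):
        signs.append("billing-hold")
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        shown = host(text) if re.match(r"(https?://|www\.)", text, re.I) else ""
        if shown and shown != host(href):
            signs.append("link-mismatch")  # text shows one site, href goes to another
        elif re.search(r"update.{0,30}payment", text, re.I):
            signs.append("payment-link")
    return signs

SAMPLE = ('From: "Example Bank" <billing@example.net>\n\n'  # constructed message
          '<p>Dear Customer, your account is on hold because of a billing problem.</p>'
          '<a href="http://login.example.net/pay">https://www.example.com/billing</a>'
          '<a href="http://login.example.net/pay">Update your payment details</a>')
```

Calling `phishing_signs(SAMPLE, "example.com")` reports all five signs for the constructed message. These are screening heuristics, so a clean result does not mean a message is safe.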