What Is a Phishing Scam?

When you get a fraud alert from your bank or credit card, you want to prevent scammers from stealing your money. But look closer before clicking on a link or entering your bank account number. The email or text message may be fake. Cybercriminals could send you a convincing message to get your personal data.

Phishing is a scam involving emails or text messages posing as a legitimate message. Learn more about phishing scams so you can recognize them and protect yourself. For more information about dealing with phishing messages, talk to a consumer protection attorney.

Understanding Phishing Scams

Phishing scams use fake scenarios to convince victims to open emails, download attachments, or send sensitive information. Once they have your information or access to your phone, they can use it to open new accounts or take money from your bank or apps. They could also use your credit card numbers for identity theft.

A fraudulent email could appear to come from your employer, bank, or credit card company. It might say your account was breached. You could also get a text message from Social Security warning you about losing your retirement savings. You get a link or attachment you need to click to protect yourself. However, these fake websites or attachments contain malware that could compromise your personal information.

According to a 2024 report from the Federal Trade Commission (FTC), government impersonation scams cost consumers $618 million in 2023. This includes email phishing, phone number spoofing scams, and hackers impersonating government agencies. Other common impersonation scams appear to come from Amazon, PayPal, or Best Buy. Consumers reported $60 million in Microsoft impersonation scams.

Common Types of Phishing Attacks

Some phishing scams target as many people as possible. Others target specific individuals or organizations (spear phishing). Common types of phishing scams include:

• Email phishing
• SMS phishing (smishing)
• Social media message phishing (angler phishing)
• Voice phishing (vishing)

Protecting Yourself Against Phishing Attacks

Many phishing scams happen overseas. You can be anonymous online, and tracking down phishers in different countries is challenging. As a consumer, the best way to protect yourself against phishing attacks is to never click on a link or respond to suspicious emails or text messages. If you get a concerning email from your bank, go to your bank’s official website directly to contact them.

In general, banks, credit card companies, email providers, and government agencies will not ask for sensitive information via email or text message.

Use email spam filters and spam detection on your phone to limit phishing attempts. Keep your security software up-to-date. Use multi-factor authentication to access your important personal or financial information. Use strong passwords and update them regularly.

Tips for Recognizing Phishing Emails

Successful phishing scams are effective because they are hard to detect. However, some signs and red flags can help you identify possible fraud. Here are some tips to help you fight against phishing campaigns:

• Misspellings or strange wordings that sound unnatural
• A sense of urgency for you to take immediate action
• A link that redirects to a malicious website
• Requiring you to download an invoice or suspicious attachment (such as .exe or .zip extensions)
• A link that looks like it comes from a legitimate website but is a different webpage when you hover over the link
• Asking for your credit card information or login credentials over text or email message
• Offering free money, a reward, or sweepstakes winnings
• An organization email address that ends with a public email domain, like @gmail.com

Steps To Take If You’re a Victim of Phishing

If you’re a phishing victim at work or on a work computer, report it to your supervisor or tech support. You can report phishing emails to the Anti-Phishing Working Group at [email protected]. The APWG is a group of ISPs, security companies, financial institutions, and law enforcement fighting against phishing scams. You can also report phishing attempts to the FTC at ReportFraud.ftc.gov. If you think scammers have gotten access to your bank or credit card, notify your financial institution. Check your credit report for any unauthorized charges or accounts. You can freeze your credit to limit the damage from identity theft. For legal advice about what you can do after a phishing attack, talk to a consumer protection lawyer.