Recognizing Phishing Scams
Learn what “phishing” is and how to recognize a scam email, text, or call.
Avoid getting caught in phishing scams
Phishing is when a scammer tries to get you to share sensitive personal information — such as your Social Security number, passwords, and account numbers — via email, text (aka smishing), or phone call (aka vishing). These communications may appear to be from an actual company, financial institution, or government agency, but they’re not legit at all. The real companies would never contact you to ask for this personal information.
These scammers are trying to steal your identity and do other criminal things like gain access to your accounts. Becoming aware of their tricks and tactics can help you avoid financial headaches.
Common scams examples:
Email phishing
You get an email claiming that your account has been compromised, and you need to click here to change your password. (This gives the scammer instant access. They can then change your password and lock you out of your own account.)
An email says that there’s an issue delivering your package, and you have to pay extra for delivery. Just enter your credit card info here. (Again, instant access.)
Smishing
You get a text saying that you won a prize, and you just need to supply your direct deposit info to claim the money.
A text claims that you’ve been overcharged for a service, and the company wants to send you a refund. All you have to do is give them your direct deposit information so they can credit your account.
Vishing
You receive a call from someone claiming to be from the IRS saying that you owe back taxes. The caller asks you to confirm your Social Security number.
The professional-sounding voice on the phone tells you that your Social Security number is suspended, but they can take care of that for you. All you need to do is give them some personal information to reactivate it.
Signs of a scam
While there are an endless number of scams, they generally have some things in common. One main similarity is that they try to panic you into responding.
They may pressure you to click on a link by saying that the offer expires in 24 hours, or that you only have until midnight to claim the prize or refund. If they’re phishing over the phone, the caller may threaten you with arrest or deportation if you don’t give them the information they ask for.
If someone calls you and asks for personal information, it’s a scam. Hang up right away and don’t give them any information! Email and text scams can be harder to spot. Here are some ways to identify phishing in your inbox:
- The sender’s email address is similar to the legit company email, but slightly off, such as fedexx.com instead of fedex.com.
- The email or text contains poor spelling, bad grammar, and/or low-resolution logos.
- The message contains an attachment, but you weren’t expecting the message or attachment.
- When you hover over a link, the URL doesn’t match where you expected the link would go.
If after all this, you’re still not sure, use your browser to go directly to the company’s website to log in and check the status of your accounts. Never click on the links in the email or texts!