Phishing: How to Protect Yourself
Phishing is when you get emails, texts, or calls that seem to be from recognizable companies or people you know. The goal is for you to click on a link or give personal information so that these cybercriminals can steal your money, identity, and even access to your personal devices.
How to Recognize Phishing
As mentioned above, scammers use emails, texts, or calls to trick you into giving them access to your personal information. They create a false sense of urgency in their messages to pressure you into acting fast or else something bad will happen.
Phishing emails and texts commonly tell a story to grab your attention and convince you to clink on a link or open an attachment.
Some tactics scammers use include:
- Saying they’ve noticed some suspicious activity or log-in attempts
- Claiming there’s a problem with your account or your payment information
- Saying you must confirm some personal information
- Including a fake invoice
- Wanting you to click on a link to make a payment
- Saying that you’re eligible to register for a government refund
- Offer a coupon for free stuff
These emails and text messages can have serious consequences for both the person giving away personal information to scammers and the companies that are being imitated.
How to Prevent Phishing Attacks
Start by recognizing common hints the message is a scam - take notice if:
- You don’t have an account with the company
- The message is missing your name or uses bad grammar and spelling
- The person asks for personal information, including passwords
Be careful and stay vigilant! Follow these four steps to ensure your safety:
- Protect your devices by installing security software and setting up automatic updates
- Use multi-factor authentication on all your accounts
- Back up your data
- Change any compromised passwords right away and don’t use them for any other accounts
What To Do if You Suspect a Phishing Attack
If you come across an email or text that asks you to click a link or open an attachment, ask yourself this question: Do I have an account with the company or know the person that contacted me?
- If the answer is “no,” it’s possible that it could be a scam. Refer to the tips above on how to recognize phishing
- If the answer is “yes,” contact the company directly using a phone number or website you know is real, not the information in the email.
What To Do if You Responded to a Phishing Email
- If you think a scammer has your personal information, go to IdentityTheft.gov for more specific information based on the personal details you provided to the scammer.
- If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software.
How to Report Phishing
If you have received a phishing email or text, report it immediately.
- Forward any phishing emails to the Anti-Phishing Working Group at email@example.com
- Forward any phishing texts to SPAM (7726)
- Report the phishing attack to the FTC at ReportFraud.ftc.gov