During a phishing attempt, a scammer will distribute emails that appear to come from legitimate organizations or individuals, which contain links or attachments. These links and attachments can contain malware that installs on your device, and stores your personal information.
Any malicious links or attachments have the potential to infect your computer with viruses. Replying or clicking on these links is the easiest way for criminals to install malware, which steals and collects data, on your device or computer.
Scammers will try to obtain your personal information including Social Security number, passwords, or account information. They could also be aiming to gain access to a business’ secure network. If a criminal gains that information, they can access your email, online banking, or other accounts.
What does a Phishing Attempt Look Like?
Phishing attempts can take many forms, including an email, phone call, or text message scams.
- An email appearing to be from a bank, credit card company, or other financial institutions requesting that you “confirm” your personal account information. Supposedly, your information has been lost, or your account is going to be closed, so it is “urgent” that you respond immediately.
- Some phishing attempts look like they are from a fraud department, or are offering “contest winnings” or “free credit reporting,” that will allow them to obtain your personal information.
- A scammer pretends to have a large sum of money and needs “someone trustworthy” to help access it. The scammer promises to share the wealth in exchange for your help - specifically, your financial information.
- A criminal sends you a text message, asking you to purchase gift cards for someone who is sick. They are posing as someone you know, and promise to pay you back. They want you to send front and back images of the gift cards, allowing them to get away with the money.
- An email or text message will tell a story to encourage you to click on the link or open an attachment. The criminal may use an invoice, a coupon, or say you’re eligible for a government refund to trick you!
These messages often state there is a need for urgency, whether it’s an offer only for a “limited time,” or a contest winner with only a few minutes to act. It is rare you will receive any urgent unexpected emails, or that the sender will send an urgent message to you via email at all.
Stay alert! Use these tips to keep you from falling victim to phishing scams:
- Do not send any sensitive, personal information via email or text. Legitimate organizations will not ask users to send information this way.
- Visit banking or financial websites by typing the website into the address bar. Do not follow links embedded in an unsolicited email.
- Only open an email attachment if you're expecting it and know what it contains. Be cautious about container files, such as .zip files, as malicious files could be packed inside.
- Check links for their legitimacy. Hover your mouse over a link to see if it leads to a trusted website. Beware of overly long hyperlinks, or links that include a misspelling of a popular website. This is a tactic to feed off of the reputable site’s name recognition in order to entrap targeted users.
- If you want to verify a suspicious email, contact the organization directly - but don't call the number provided in the email.
- Be careful when posting personal information on social media. Oversharing sensitive information can make it easy for criminals to take advantage of you.
- Use antivirus software to detect and disable malicious programs, such as spyware or backdoor Trojans, which may be included in phishing emails. Keep your Internet browser updated with the latest security patches to save yourself from harmful popups and other programs.
- Protect your accounts by using multi-factor authentication. This will require that you use two or more credentials to log into your account.
How to Report Phishing
Step 1. If you think you received a phishing email, forward it to the Anti-Phishing Working Group at firstname.lastname@example.org. If you think you received a phishing text message, forward it to SPAM (7726).
Step 2. Report the phishing attack to the FTC at ftc.gov/complaint.
By following these tips, you can better prepare and protect yourself from a phishing attack. If you’re concerned you received a fake or illegitimate communication from Central Bank, don’t click any links and report fraud immediately, or email email@example.com.
How to Recognize and Avoid Phishing Scams, Federal Trade Commission