Phishing is when a scammer uses fraudulent emails, texts, phone calls or copycat websites to get you to share valuable personal information – such as account numbers, Social Security numbers, or login IDs and passwords. Scammers then use information to steal money, identity or both. Phishing scammers often lure targets into a false sense of security by spoofing the familiar and trusted companies. They also make it seem like they need your information quickly by saying things like your account will be suspended.
- Be cautious about opening attachments or clicking on links in emails. Even your friend or family members’ accounts could be hacked. Files and links can contain malware or fake links.
- Do your own typing. If a company or organization you know sends you a link or phone number, don’t click. Use your favorite search engine to look up the website or phone number yourself. Even though a link or phone number in an email may look like the real deal, scammers can hide the true destination.
- Make a call if you’re not sure. Do not respond to any emails that request personal or financial information. Phishers use pressure tactics and prey on fear. If you think a company, friend or family member really does need personal information from you, pick up the phone and call them yourself using the number on their website or in your address book, not the one in the email.
- Turn on two-factor authentication. For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in to your account. The second piece could be a code sent to your phone, or a random number generated by an app or a token. This protects your account even if your password is compromised.
- Most of all, rely on common sense. You can’t win a contest you didn’t enter. A company won’t contact you using an email address you never registered. A computer company will not “remotely detect a virus on your PC.” Know the warning signs, think before you click, and never, ever give out your password or financial info unless you’re properly signed into your account.
Here are some more tips on how to spot a phishing email.