The term phishing – as in “fishing” for confidential information – is an electronic scam that encompasses fraudulently obtaining and using an individual’s personal or financial information.
Understanding Phishing Attacks
In a typical case, you receive a communication (an email or text message) requesting personal or financial information. It appears to come from a reputable company that you recognize and may do business with, such as your financial institution. You’re asked to click a link that takes you to what appears to be the website of a financial institution, government agency or other entity. However, in “phishing” scams, the link is not to an official website, but rather to a phony website. Once inside that website, you may be asked to provide Social Security numbers, account numbers, passwords or other information used to verify your identity, such as your mother’s maiden name or place of birth. If you provide the requested information, those perpetrating the fraud can begin to access your accounts or assume your identity.
Here are some common signs to look for:
- They urge you to click on a link to update or verify account information.
- They convey a sense of urgency and often mention negative consequences for failing to respond.
- They do not contain any personalization, such as your name, the last four digits of your account number, or other information that would indicate that the sender knows something about the recipient’s account.
- They are unexpected and are not consistent with other emails from the business.
- They may contain spelling errors and bad grammar.
- Do not respond to the email and do not click on any links or attachments inside.
- If you are unsure of its authenticity, call a phone number you trust such as the one on your most recent statement, NOT the one in the communication, to verify the company actually sent it and to inquire about why they need your information.
- If it appears to be from another company or financial institution, you can forward it to the Anti-Phishing Working Group at firstname.lastname@example.org.
- Permanently delete it from your device.