Skip to Main Content
It looks like you're using Internet Explorer 11 or older. This website works best with modern browsers such as the latest versions of Chrome, Firefox, Safari, and Edge. If you continue with this browser, you may see unexpected results.
Phishing: what you need to know
If you text or email, you're going to experience phishing — attempts by criminals to steal your passwords, account numbers, or Social Security number for illicit purposes. If cybercriminals get that information, they could gain access to your email, bank, or other private accounts. Scammers launch thousands of phishing attacks every day and they’re often successful.
Think it won't happen to you? Phishing emails and text messages have become increasingly sophisticated. Read on to learn to protect yourself and not become a victim.
Tips for keeping your info private
- Be wary of hyperlinks: Avoid clicking on hyperlinks in emails; type the URL directly into the address bar instead. If you choose to click on a link, ensure it is authentic before clicking on it. You can check a hyperlinked word or URL by hovering the cursor over it to reveal the full address.
- When in doubt, throw it out: Links in emails, online posts, and text messages are often the way cybercriminals compromise your computer. If it looks suspicious — even if you know the source — it’s best to delete or, if appropriate, mark it as “junk email.”
- Think before you act: Be wary of communications that urge you to act immediately, offer something that sounds too good to be true, or ask for personal information. Creating fear and urgency are the most successful phishing tactics. Common phishing attempts include fake notifications of bank or credit card problems, package delivery issues, and email account access.
- Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password. A secure password manager may be a good solution generates strong, unique passwords for each site/vendor while giving you the simplicity of remembering just one password (of the manager).
- Use stronger authentication: Always opt to enable two-factor authentication when it's available, especially for accounts with sensitive information including your email or bank accounts. A stronger authentication helps verify a user has authorized access to an online account. For example, it could be a one-time PIN texted to a mobile device, providing an added layer of security beyond your username and password.
- Update your devices regularly and install antivirus software: Make sure all your personal computers, tablets, and phones are regularly updated with the latest operating system (OS), antivirus software, firewalls, email filters, and anti-spyware.
The Federal Trade Commission (FTC) regularly updates tips for avoiding scams and explains what to do if you are a victim of a cybercrime.