
Phishing
Phishing is a method of identity theft that relies on individuals unwittingly volunteering personal details or information that can be then be used for nefarious purposes. For example, phishing attempts may: Say they've noticed suspicious activity or log-in attempts on your account Claim there's a problem with your account or payment information Say you need to confirm or update personal information Include a fake invoice Ask you to click on a link to make a payment Claim you're eligible to sign up for a government refund Offer a coupon for free goods or services Then, that thief sends out many emails that claim to be from the major bank and request the email recipients to input their personal banking information (such as their PIN) into the website so the bank may update their records. When in doubt, hover over the email address of the sender to ensure the email address matches the email address you expect. A phishing attempt may utilize an official-looking website, email, or other forms of communication to trick users into handing over details like credit card numbers, social security numbers, or passwords.

What Is Phishing?
Phishing is a method of identity theft that relies on individuals unwittingly volunteering personal details or information that can be then be used for nefarious purposes. It is often carried out through the creation of a fraudulent website, email, or text appearing to represent a legitimate firm.
A scammer may use a fraudulent website that appears on the surface to look the same as the legitimate website. Visitors to the site, thinking they are interacting with a real business, may submit their personal information, such as social security numbers, account numbers, login IDs, and passwords, to this site. The scammers then use the information submitted to steal visitors' money, identity, or both; or to sell the information to other criminal parties.
Phishing may also occur in the form of emails or texts from scammers that are made to appear as if they are sent from a legitimate business. These fake emails or texts may install programs like ransomware that can allow scammers to access a victim's computer or network.



Understanding Phishing
Phishing scammers create a false sense of security for their targets by spoofing or replicating the familiar, trusted logos of well-known, legitimate companies, or they pretend to be a friend or family member of their victims. Often, the scammers attempt to persuade victims they need personal information urgently, or the victim will experience a severe consequence, such as frozen accounts or personal injury.
A classic example of phishing is an identity thief setting up a website that looks like it belongs to a major bank. Then, that thief sends out many emails that claim to be from the major bank and request the email recipients to input their personal banking information (such as their PIN) into the website so the bank may update their records. Once the scammer gets a hold of the needed personal information, they attempt to access the victim's bank account.
$57.8 billion
Phishing scams are some of the most common attacks on consumers. According to the FBI, more than 114,700 people fell victim to phishing scams in 2019. Collectively, they lost $57.8 million, or about $500 each.
Protecting Yourself from Phishing Attacks
The following highlights signs of phishing, and how to protect yourself.
- Exceptionally good deals or offers. If an email touts offers that are too good to be true, they probably are. For example, an email claiming you've won the lottery or some other lavish prize may be luring you in to get you to click a link or relay sensitive personal information.
- Unknown or unusual senders. Though phishing emails may look like they originate from someone you know, if anything seems out of the ordinary, be cautious. When in doubt, hover over the email address of the sender to ensure the email address matches the email address you expect. Place a phone call to the company if you are unsure of an email or website. Don't respond to emails with any personal information. (See the image below for an example of an unusual sender's email address).
- Hyperlinks and attachments. These are particularly concerning if received from an unknown sender. Never open links or attachments unless you are confident they are from a safe sender. Type in the link address rather than clicking the link.
- Incorrect spelling in the web address. Phishing sites often use web addresses that look similar to the correct site, but contain a simple misspelling, like replacing a "1" for an "l".
- Immediate pop-ups. Be wary of websites that immediately display pop-up windows, especially those asking for your username and password. Use two-factor authentication, a browser with anti-phishing detection, and keep security on your systems up-to-date.
A phishing email. Note the suspicious return email address that has nothing to do with Netflix.
Phishing Attempts
According to the Federal Trade Commission (FTC), phishing emails and text messages frequently tell stories to trick people into clicking on a link or opening an attachment. For example, phishing attempts may:
Related terms:
Cybersecurity
Cybersecurity refers to the measures taken to keep electronic information, as well as hardware and software, private and safe from damage or theft. read more
Dark Web
The dark web refers to encrypted online content that is not indexed on conventional search engines. Read about the pros and cons of the dark web. read more
Identity Theft
Identity theft occurs when your personal or financial information is used by someone else to commit fraud. read more
Ransomware
Ransomware is a cyber-extortion tactic that uses malicious software to hold a user’s computer system hostage until a ransom is paid. read more
Social Engineering
Social engineering is the act of exploiting human weaknesses to gain access to personal information and protected systems. read more
Spoofing
Spoofing is a scam in which criminals attempt to obtain personal information by pretending to be a legitimate business or other innocent party. read more
Synthetic Identity Theft
Synthetic identity theft is a type of fraud in which a criminal combines real (usually stolen) and fake information to create a new identity. read more
Two-Factor Authentication (2FA)
Two-factor authentication (2FA) is a security system that requires two distinct forms of identification in order to access something. read more