Phishing is a term used to describe a type of internet fraud that uses email, chats, etc. to obtain confidential information such as passwords, bank account numbers, credit card numbers, or Social Security numbers. A common phishing tactic is to send a fake email to a victim purporting to be from a legitimate institution requesting that the victim go to a website to verify his personal information. The website the victim is directed to is also fraudulent and the personal information that is entered at the website is collected by the criminal to execute identity theft. 

The following is a list of suggestions to help you recognize and avoid phishing scams. For more information, including on what to do if you have shared personal information via a phishing scam, go to the Federal Trade Commission's Consumer Advice site.

  • Be suspicious of any email with urgent requests for personal financial information.
    • Unless the email is digitally signed, you can't be sure it wasn't forged or spoofed.
    • Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately.
    • They typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
    • Phisher emails are typically NOT personalized, but they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure.
  • Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don't know the sender, or if the sender uses a different email that they don't generally use.
    • Call the company or look up contact information on the real website. Don't assume any links to websites in the phishing email are correct - they most likely are not.
  • Avoid filling out forms in email messages that ask for personal financial information.
    • You should only communicate information such as credit card numbers or account information via a secure website or the telephone.
  • Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser.
    • Phishers are now able to spoof, or forge BOTH the "https://" that you normally see when you're on a secure Web server AND a legitimate-looking address. You may even see both in the link of a scam email. Again, make it a habit to enter the address of any banking, shopping, auction, or financial transaction website yourself and not depend on displayed links.
    • Phishers may also forge the yellow lock you would normally see near the bottom of your screen on a secure site. The lock has usually been considered as another indicator that you are on a 'safe' site. The lock, when double-clicked, displays the security certificate for the site. If you get any warnings displayed that the address of the site you have displayed does NOT match the certificate, do not continue.
  • Remember not all scam sites will try to show the "https://" and/or the security lock. Get in the habit of looking at the address line, too. Were you directed to PayPal? Does the address line display something different like "http://www.gotyouscammed.com/paypal/login.htm?" Be aware of where you are going.
  • Consider installing a Web browser tool bar or extension to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you about the site.
  • Regularly log into your online accounts.
    • Check several times a month for each account.
  • Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.
    • If anything is suspicious or you don't recognize the transaction, contact your bank and all card issuers.
  • Ensure that your browser is up to date and security patches applied.
  • Always report phishing or spoofed e-mails to the following groups:
    • Forward the email to [email protected].
    • When forwarding spoofed messages, always include the entire original email with its original header information intact.
    • If you get a phishing text message, forward it to SPAM (7726).
    • Report the email or chat to the Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov/.
    • Report the email or chat to the Federal Trade Commission at the ReportFraud.ftc.gov website.