Understand phishing scams

Phishing (pronounced "fishing") is a type of online identity theft. It uses email, phone calls, texts, and fraudulent websites designed to steal your personal information, such as credit card numbers, passwords, account data, or other information.

Why is phishing dangerous?

Cybercriminals are skilled at tricking you into providing your personal information to them, which can lead to identity theft and loss of data. Phishing is particularly dangerous because cybercriminals disguise messages and calls as legitimate, using logos and acronyms that appear to be real.

Mitigating phishing threats

Phishing threats cannot be stopped by simply configuring a setting in Windows. Phishing scams expose login credentials or other secure data by tricking the user into giving them to the attacker. Therefore, educating users is necessary to minimize threats from phishing.

Some of the tricks cybercriminals use include:

  • Fake Websites: If you receive a suspicious email message that prompts you to select a link, hover over the link first. If the address the link points to does not match the name shown in the email, you could have received a phishing email. If the link points to a website or company you’ve never heard of or visited before, this could be a phishing attempt.
  • Threats: Emails that threaten account closure could be from a cybercriminal. If you receive an email that urges you to take action by threatening that your account will be closed, be careful. Cybercriminals use a variety of techniques to steal your information and gain access to your data through threats and misinformation.
  • Spoofing companies or people you know: Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows. Spoofing can also occur when a scammer imitates someone you know by mimicking their email address. Always check that the address you’re replying to is the correct one.

How to tell if an email is legitimate:

  • Hover over links to uncover the URL. Always check a URL before you select the link, because bad links are sometimes embedded into an email as a way to trick the reader.
  • Check for poor grammar and spelling errors. Companies rarely send out messages without proofreading content, so multiple spelling and grammar mistakes can signal a scam message.
  • Look for company contact information and brand accuracy. Most companies will have a brand identity that is recognizable in their emails. Look for logos, brand colors and contact information in the message.