What Is a Phishing Scam?

A phishing scam is when a fraudster sends an email, a private message on social media or a text message designed to look like one that originated from a reputable company, organization, government agency or individual.

The messages usually contain a link or a file to download. Clicking the link or downloading the attachment may cause harmful software to become installed on your computer or mobile device. The software can allow fraudsters to access information saved on your device or even take it over, locking you out of it. When the latter occurs, the fraudsters may then ask for money to unlock your computer or mobile device.

Alternatively, a link in a phishing email may take you to a fake website where you’re prompted to enter personal information like your username and password, credit card number or Social Security number. If you do so, the scammers can then use your information to get into your online accounts and/or commit identity theft.

Signs of Phishing Scam Emails

When you’re checking your email, be on the lookout for the following signs of phishing scam emails.

1. Strange Sender Addresses

Does the sender’s address seem right for the company or organization? A real email address from a company, nonprofit or government agency will usually contain its official website, such as username@netflix.com or username@usps.com.

2. Incorrect Logos

Does any logo shown in the email match the one on the official website for the supposed sender? Is the spacing the same? Is the font correct? Even small differences between the one pictured in the email and the real thing should raise alarms.

3. Poor Grammar

Does the email use correct verb tenses, sentence structure and subject-verb agreement? While authentic emails may occasionally have mistakes in the text, glaring grammatical errors could indicate a scam.

4. Obvious Typos or International Spellings

Is the email littered with typos, or does it use international spellings of words? As with grammatical errors, an occasional typo can happen, but a reputable company or organization is unlikely to send out an email full of mistakes. Also, an American company is unlikely to use British, Canadian or Australian English spellings, so be wary if you see things like “centre” instead of “center.”

5. Unfamiliar Companies or Transactions

Does the email reference an account you don’t have or a transaction you didn’t make? Fraudsters may say you have a package to pick up, you need to update information or your purchase was declined. Their hope is that you’ll be so worried about the supposed problem that you’ll immediately click the link.

6. Lack of Personalization

Does the email actually say your name? If it uses a generic phrase like “Dear CVS Shopper” or “Hello Taxpayer,” there’s a good chance it’s a phishing scam. Companies and organizations typically use software to customize their emails with your name.

7. Suspicious Links

If you can see the text of the link, is the company’s official website address in it? In many cases, the links included in phishing scams contain a strange series of numbers and letters, or they may have a variation of the company name like amazonn.com.

8. The Content Is Unusual for the Sender

Did you get an email from a friend, a family member or an online friend you met through a virtual community that doesn’t sound like them or is out of character? Scammers will sometimes hack emails and use real people’s accounts to send out scams.

What to Do If You Receive a Suspicious Email

If you receive a suspicious email, follow these steps:

1. Don’t click any links or download any attachments.
2. Contact the sender being impersonated directly to find out if the email is real. You can call customer service or get in touch with them online.
3. Forward the email to the address reportphishing@apwg.org, which belongs to the Anti-Phishing Working Group, a nonprofit that helps coordinate global efforts to combat cybercrime.
4. File a report with the U.S. Federal Trade Commission at ReportFraud.ftc.gov.
5. Report the email to your email software provider, such as Gmail, Outlook or Comcast Xfinity.
6. Delete the email.

What to Do If You Become a Victim

If you do ever click on a link in a suspicious email, take the following steps as soon as possible:

1. Visit IdentityTheft.gov and answer the questions. The site lets you select what types of personal information you may have given to scammers and then gives you specific advice about what to do next.
2. Update your computer’s security software and then scan your system to detect any harmful software that may have been installed. If you find any problems, remove the files. Should you have difficulty figuring out how, contact the customer service department for your antivirus software.
3. Report the phishing attack by taking the steps outlined in the What to Do If You Receive a Suspicious Email section.
4. If you lost money due to a phishing scam, file a police report at your closest police station here in Springfield, MO.

‍