The Consumer Department of the Federal Trade Commission reminds consumers to beware of scammers who use email or text messages to trick you into giving them your personal information and offers the following lists of things you can do to protect yourself.
How to Recognize Phishing
Scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get this information, they can use it to gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day and too often, they are successful. The FBI’s Internet Crime Complaint Center reported people lost $57 million to phishing schemes in one year.
There are some signs that will help you recognize a phishing email or text message.
Phishing emails and text messages may look like they are from a company you know or trust including but not limited to a bank, a credit card company, a social networking site, an online payment website or app, or an online store.
Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They may say they have noticed some suspicious activity or log-in attempts, claim there’s a problem with your account or your payment information, or say you must confirm some personal information
The message you receive may include a fake invoice, ask you to click on a link to make a payment, say you are eligible to register for a government refund, or offer a coupon for a free item.
Imagine you saw the following example in your inbox. Do you see any signs that this is a scam?
The email looks like it is from a company you may know and trust: Netflix. It even uses a Netflix logo and header. The email says your account is on hold because of a billing problem. It has a generic greeting, “Hi Dear.” If you have an account with the business, it probably will not use a generic greeting like this.
The message invites you to click on a link to update your payment details.
While this email might look real, it is not. The scammers who send emails like this one do not have anything to do with the companies they pretend to be. Phishing emails can have real consequences for people who give scammers their information. And they can harm the reputation of the companies they are spoofing.
How to Protect Yourself From Phishing Attacks
Your email spam filters may keep many phishing emails out of your inbox. But scammers are always trying to outsmart spam filters, so it is a good idea to add extra layers of protection. Here are four steps you can take today to protect yourself from phishing attacks.
Protect your computer by using security software
Set the software to update automatically so it can deal with any new security threats.
Protect your mobile phone by setting software to update automatically
These updates could give you critical protection against security threats.
Protect your accounts by using multi-factor authentication
Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:
Something you have—like a pass code you get via text message or an authentication app.
Something you are—like a scan of your fingerprint, your retina, or your face.
Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
Protect your data by backing it up
Make sure those backups are not connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.
What to Do If You Suspect a Phishing Attack
If you get an email or a text message that asks you to click on a link or open an attachment, answer this question: Do I have an account with the company or know the person that contacted me?
If the answer is “No”
It could be a phishing scam. Review the tips on how to recognize phishing and look for signs of a phishing scam. If you see them, report the message to the Federal Trade Commission and then delete it.
If the answer is “Yes”
Contact the company using a phone number or website you know is real. Not the information in the email. Attachments and links can install harmful malware.
What to Do If You Responded to a Phishing Email
If you think a scammer has your information, like your Social Security, credit card, or bank account number, go to IdentityTheft.gov. There you will see the specific steps to take based on the information that you lost.
If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software and then run a scan.
How to Report Phishing
If you receive a phishing email or text message, report it. The information you provide in your report can help fight the scammers. Follow these steps to file a report:
If you receive a phishing email, forward it to the Anti-Phishing Working Group at email@example.com. If you receive a phishing text message, forward it to SPAM (7726).
Report the phishing attack to the FTC at ftc.gov/complaint.