Phishing is when you get emails, texts, or calls that seem to be from companies or people you know. But they're actually from scammers. They want you to click on a link or give personal information (like a password) so that they can steal your money or identity, and maybe get access to your computer.
The Bait
- Scammers use familiar company names or pretend to be someone you know.
- They ask you to click on a link or give passwords or bank account numbers. If you click on the link, they can install programs that lock you out of your computer and can steal your personal information.
- They pressure you to act now or something bad will happen.
Avoid the Hook
Check it out.
- Look up the website or phone number for the company or person who's contacting you.
- Call that company or person directly. Use a number you know to be correct, not the number in the email or text.
- Tell them about the message you got.
Look for scam tip-offs.
- You don't have an account with the company.
- The message is missing your name or uses bad grammar and spelling.
- The person asks for personal information, including passwords.
- But note: some phishing schemes are sophisticated and look very real, so check it out and protect yourself.
Protect yourself.
- Keep your computer security up to date and back up your data often.
- Consider multi-factor authentication—a second step to verify who you are, like a text with a code—for accounts that support it.
- Change any compromised passwords right away and don't use them for any other accounts.
Report Phishing
- Forward phishing emails to spam@uce.gov and reportphishing@apwg.org.
- Report it to the FTC at ftc.gov/complaint
For more information, visit ftc.gov/phishing