Phishing is a type of online scam where attackers impersonate legitimate businesses or organizations in order to trick you into revealing sensitive information. These attempts typically come in the form of emails or messages that appear to be from trusted sources, such as your bank, a popular retailer, or even your email provider.
Their goal is to get you to click a link to a fake website that looks nearly identical to the real one. Once there, you may be prompted to enter personal information such as your login credentials, credit card numbers, banking details or social security number. If you enter this information, attackers can capture it and use it for identity theft, financial fraud or unauthorized access to your accounts.
Phishing attempts don’t just target passwords. They may seek any type of sensitive data that could be misused or sold. Always be cautious of unexpected emails asking you to log in, update information, or verify your account — especially if the message includes urgent language or suspicious links.
If you ever suspect an email may be a phishing attempt, delete it or contact the company directly using a known, trusted method.
Tips to Protect Yourself
- Never click on a link or download any attachments in email from unknown or suspicious sources
- Double-check the sender’s address and the URL of any site you’re asked to visit
- When in doubt, go directly to the official website by typing the address into your browser instead of clicking links in an email
- Use multi-factor authentication whenever available to add an extra layer of security to your accounts
Red Flags to Watch Out For
- Too Good to Be True
Offers of prizes, rewards or money out of nowhere are common tactics — if it sounds too good to be true, it probably is. - Urgent or Threatening Language
Messages that say your account will be locked, you’re being charged or you must act immediately are designed to panic you into clicking without thinking. - Unusual Sender or Email Address
Look closely at the sender’s email address — phishing emails often come from addresses that look odd or don’t match the company’s official domain. - Generic Greetings
Messages that start with “Dear Customer” instead of using your name may be phishing attempts. - Suspicious Links
Hover over links to see where they actually lead, and if the URL looks strange, mismatched or uses misspellings, don’t click it<./li> - Poor Spelling and Grammar
Many phishing emails contain obvious spelling errors, awkward phrasing or unprofessional formatting.