What is phishing?

Phishing messages claim to come from a legitimate source: a well-known software company, online payment service, bank or other reputable institution. Some will use an organization’s email address, logo or other trademarks to fake authenticity. They may also appear to be from a trusted friend or colleague. These messages can come from many sources, including phone calls, email, fraudulent software or malware, social media messages, advertisements or text messages.


Recognize the signs of a phishing scam:


Look for an ultimatum. If the message contains a message that requires you to “Do this...or else,” be cautious of the message’s legitimacy.

Inspect URLs. Scammers may obscure URLs using hyperlinks that appear to go to a reputable site. Hover your mouse over any suspicious links to view the true address the link will send you to. Illegitimate links often contain a series of numbers, unfamiliar web addresses or web addresses that don’t match the address shown in the message.

Contact info is key. Providing no signature or contact information is a red flag.

If it sounds too good to be true, it probably is. Messages about contests you didn’t enter or offers for goods or services at an unbelievable price are likely fraudulent.

Check for style inconsistencies. Pop-up windows claiming to be from your operating system or other software may have a different style or colors than authentic notifications. Messages that claim to be from a reputable organization may be missing branding aspects like a logo.

Reputable companies use spell check. Obvious spelling, punctuation or grammar errors may indicate an issue.

The title grabbed your attention. “Clickbait” titles on social media, advertisements or articles are sensationalist or attention-grabbing and sometimes lead to scams.