The Impact of Phishing Scams
Experts estimate that cybercriminals send over three billion phishing messages a day, which often contain fraudulent links or attachments that trick you into sharing sensitive information, such as login credentials or credit card details.
$52M
Losses reported to the IC3
due to phishing scams in 2022
37.5%
Of all internet crimes reported to the IC3
in 2022 were phishing scams
Learn more about the different types of phishing scams:
Email Phishing Scams
Scammers send emails that appear to be from a legitimate source, such as a bank or a trusted company, but are actually designed to trick you into sharing sensitive information or downloading malicious software.
RECOGNIZE:
Follow these guidelines to spot email phishing scams:
- Check the sender’s email address. Look closely at the email address to ensure it’s from a legitimate source.
- Watch for urgency. Phishing emails often create a sense of urgency or fear, urging you to act immediately in order to avoid negative consequences.
- Don’t click unknown links. If an email contains a link, hover your cursor over it to see where it leads.
- Be wary of attachments. Don’t open attachments from unfamiliar sources or those that seem out of context.
- Be cautious of unsolicited emails from unknown senders. If the email appears to be from a real company, contact them directly to confirm the legitimacy of the email.
REPORT AND RECOVER:
Follow these steps to minimize damage from a phishing email and protect yourself from further harm:
- If you provided financial information, contact the bank or credit card company right away.
- If you provided personal information, keep an eye on your credit report and accounts for any unusual activity.
- If you clicked on a link or downloaded an attachment, run a full system scan using antivirus software to check if your device was infected with malware.
- If you entered your login credentials, change your password immediately and be sure multi-factor authentication is enabled.
- Report it to the FTC— even if you didn’t lose money or provide sensitive information —at ReportFraud.ftc.gov.
- Once you have taken the necessary steps, delete the email from your computer. Do not forward it to friends or family.
5 COMMON PHISHING EMAILS TO WATCH OUT FOR:
Banking
The email claims that there’s a problem with your account and it asks you to click on a link to verify your information.
Government
The email says that there’s an issue with your taxes or benefits and that you need to take action immediately to avoid penalties or loss of benefits.
Social Media
The email alleges that there’s an issue with your account or that you need to log in to see a message or notification.
Billing Problem
The email warns that you need to update your billing or account information to avoid service interruption or late fees.
Online Shopping
The email claims that there’s a problem with your recent order or that you’re eligible for a special discount or reward.
Smishing Scams
Also known as SMS phishing, scammers use text messages that appear to be from legitimate sources in an attempt to trick you into sharing sensitive information or downloading malicious software onto your mobile device.
RECOGNIZE:
Follow these guidelines to spot smishing scams:
- Be cautious of requests for immediate action. These messages create a sense of urgency and ask you to take immediate action to avoid negative consequences.
- Watch out for unsolicited texts from unknown senders. If the text appears to be from a real company, contact them directly to confirm the legitimacy of the message.
- Be cautious of messages that contain suspicious links. They could lead to fraudulent websites or install malware on your device.
- If the offer seems too good to be true, trust your gut—such as free gifts in exchange for sensitive information.
- Beware of messages that ask for sensitive information. Legitimate companies would not request this information via text message.
REPORT AND RECOVER:
Follow these steps to minimize damage from smishing scams and protect yourself from further harm:
- If you provided personal information, keep an eye on your credit report and accounts for any unusual activity.
- If you provided personal information, keep an eye on your credit report and accounts for any unusual activity.
- If you clicked on a link, run a full system scan using antivirus software to check if your device was infected with malware.
- If you entered your login credentials, change your password immediately and be sure multi-factor authentication is enabled.
- Forward the message to the shortcode 7726 (SPAM).
- Report it to the FTC—even if you didn’t lose money or provide sensitive information—at ReportFraud.ftc.gov.
- Once you have taken the necessary steps, delete the message from your phone. Do not forward the text to friends or family.
COMMON TYPES OF SMISHING TEXT MESSAGES
Missed Delivery
The text claims that there’s a problem with the delivery of your package and asks you to click on a link to solve the issue.
Locked Bank Account
The text claims that there’s a problem with your account and it asks you to click on a link or call a phone number to verify your information.
“Is This You?”
Hackers send text messages asking, “Is this you?” to tempt you to click a a malicious link.
Payment Issue
The text claims your payment didn’t go through and prompts you to to click on a link in order to update your payment information.
Fake MFA Verification
The text mimics a legitimate multi-factor authentication request, aiming to trick you into sharing you login credentials and other sensitive information.
Vishing Scams
Also known as voice phishing, scammers use phone calls or voice messages that appear to be from legitimate sources in an attempt to trick you into sharing sensitive information or performing a specific action, such as transferring funds or downloading malware.
RECOGNIZE:
Follow these guidelines to spot vishing scams:
- Be wary of requests for personal information. Legitimate organizations typically do not call you to ask for sensitive information over the phone.
- Watch out for a sense of urgency or fear. The caller may use scare tactics or create a sense of urgency to pressure you into providing personal information or making a payment.
- If the offer seems too good to be true, trust your gut—such as a reward or prize in exchange for your personal information.
- If the offer seems too good to be true, trust your gut—such as a reward or prize in exchange for your personal information.
- Take notice if the caller is aggressive or rude when you refuse to provide your personal information or make a payment.
REPORT AND RECOVER:
Follow these steps to minimize damage and protect yourself from further harm:
- If you provided financial information, contact the bank or credit card company right away.
- If you provided personal information, keep an eye on your credit report and accounts for any unusual activity.
- If you gave them your login credentials, change your password immediately and be sure multi-factor authentication is enabled.
- Report it to the National Do Not Call Registry at DoNotCall.gov.
- Report it to the FTC—even if you didn’t lose money or provide sensitive information—at ReportFraud.ftc.gov.
- Once you have taken the necessary steps, block the number from your phone.
5 COMMON VISHING SCAMS TO WATCH OUT FOR:
Vehicle Warranty
The caller tells you that your vehicle warranty is about to expire or has expired, and they offer to help extend it for you.
Healthcare
The caller claims to be from a healthcare provider or insurance company and tells you that there is a problem with your records or insurance policy.
Banking
The caller tells you that there is a problem with your account and asks for sensitive info under the guise of fixing the issue.
Social Security
The caller threatens to suspend your Social Security benefits or file criminal charges against you to pressure you into giving them your information.
Student Loan Forgiveness
The caller claims to be from a student loan company or agency and offers to help you with forgiveness in exchange for upfront fees or sensitive info.
Don’t get hooked by a phishing scam!
In partnership with:
