FightCybercrime.org

Recognize, report and recover from cybercrime.

Phishing

These types of scams are one of the biggest threats we face online. Find out how to recognize, report and recover from phishing.

Get Started Report Cybercrime
Home » Scams » Hacked Devices & Accounts » Phishing

The Basics of Phishing

Phishing is one of the biggest threats to our online security. Phishing is a type of social engineering attack that tries to trick you into disclosing sensitive information, such as login credentials or financial information, or install malware on your devices. Phishing attacks typically involve spoofed emails or websites that mimic a legitimate site in order to persuade the user into entering their personal information. In many cases, criminals use very realistic-looking emails or websites that are nearly identical to the real thing. Attackers may also use other methods, such as instant messaging or text messages, to carry out phishing attacks.

Common Tactics Used in a Phishing Attack

Cybercriminals will often send out phishing emails that appear to be from a legitimate source, such as a financial institution or well-known company. They often use authentic-looking logos and branding from legitimate companies. The email will typically contain a link that directs you to a fake website that is designed to look like the real thing.

Once on the fake website, you are asked to input sensitive information, such as your login credentials or credit card number. This information is then used by the cybercriminals to commit fraud or identity theft.

Cybercriminals may also use phishing emails to install malware on your devices. The email contains an attachment that, when opened, will download and install the malware. This can allow the cybercriminals to gain access to your device and steal sensitive information or commit other malicious activities.

Example of a Phishing Attack

You receive an email that looks like it’s from your bank. It says there’s been some suspicious activity on your account and asks you to click a link to confirm your identity. You do, and then enter your login credentials on the fake website that opens. Now the hacker who sent the email has your information and can access your account.

Step 1:Recognize

Red Flags of a Phishing Attack

Be suspicious of any email or text message that:

  • Seems unusual or out of place
  • Asks you to click on a link or open an attachment
  • Asks for personal or sensitive information
  • Comes from an unknown sender
  • Contains typos or grammatical errors
  • Contains threatening or urgent language

Step 2:Immediate Actions

If you clicked on a phishing link and/or provided sensitive information remember, it can happen to the best of us. There’s a few actions you can take to move forward and secure your account:

  • Go to the legitimate website, reset the password on your compromised account and enable two-factor authentication right away. If you are using that password for other accounts, change those too.
  • Forward the suspected phishing email to [email protected], where the Anti-Phishing Working Group will collect, analyze and share information to prevent future fraud.
  • Mark it as spam.
  • Run a full system scan using antivirus software to check if your device was infected when you clicked the link. If you find viruses, follow these steps on your device. If you still can’t remove the virus, contact a reputable computer repair shop in your area.

Step 3:Report

Reporting any type of cybercrime, including phishing attacks, is imperative to help others avoid being scammed. As a society, the more people that report online scams and fraud, the more national reporting data that is collected, and the better chance law enforcement has to catch the criminals and decrease cybercrime.

Report to FBI

Step 4:Recover

Tips and Tricks to Spot a Phishing Attempt

  • Check the sender’s email address. If it is not from a legitimate company, do not open it.
  • Check the URL by hovering over the link.
    • If you are on a desktop computer or laptop, hover over the link with your mouse. You will find the full address of the link either near the link itself or somewhere on the edges of your browser window, depending on what web browser you are using.
    • If you are using your smartphone or tablet, hold your finger down on the link until a window pops up showing the full address of the link. Tap away from the window to close the preview.
  • Be aware of a sense of urgency or threats. For example, phrases such as “you must act now” or “your account will be closed” may be indicators of a phishing attempt.
  • Be cautious of messages that ask for personal information such as your social security number, bank account information, or credit card number.
  • Check for grammatical errors or misspellings.
  • If you are unsure about the message, don’t hesitate to contact the company directly to inquire about it. Don’t use the contact information provided in the email or text message. Look up the company’s contact information on their website or elsewhere.

Take 5 Steps for Better Online Security

It’s important to strengthen your online security to help avoid all types of online scams. Take action to improve your digital posture by following these steps:

  1. Implement Multi Factor Authentication (MFA): Passwords are generally easy for scammers to crack, and even if you use strong passphrases, there’s still the possibility that a cybercriminal can obtain your passphrase in a data breach. Implementing MFA is a great way to maximize your security and ensure that you are the only one who can gain access to your accounts. MFA should be implemented on all accounts where it is available. Check your account’s security settings to see if it is something you can set up.
  2. Update Your Privacy Settings: Privacy settings allow you to control your personal information (name, address, phone number, date of birth, financial details, photos or videos, etc) and how that information is used. Review your privacy settings on all of your accounts including your social media accounts. Consider restricting who can see your friends list, contacts, photos and posts.
  3. Activate Automatic Updates: Automatic updates are a set of changes to an app, software or operating system that are automatically pushed by the developer to fix or improve it. Oftentimes, cybercriminals take advantage of security flaws to plant malicious software on your devices. By activating automatic updates, you will automatically patch security vulnerabilities to protect your data.
  4. Create Strong Passphrases: A strong passphrase is a string of unrelated words separated by hyphen, space, period, capitalized first letter or number. Use passphrases that are longer than 15 characters and include multiple words that do not have any obvious connection between them. The key to passphrases is randomness. Don’t repeat your passphrases between accounts and consider using a password manager to help you remember.
  5. Learn the Elements of a Phishing Attempt: Familiarize yourself with the elements of a phishing email. Phishing emails tend to include a sense of urgency and multiple grammar and spelling errors. If they are asking you to reveal personal information, be suspicious. If you get a strange email, try contacting the company another way to confirm they sent that email. If the email is suspicious, mark it as spam.

TestimonialHear from Other Victims

Without Fightcybercrime.org, I don't know if I would have been able to react as quickly to protect my personal information.
Mary - Indianapolis, IN

Latest News

The latest and greatest from our blog.

> Don’t Be Fooled by a Phish

Don’t Be Fooled by a Phish

Phishing emails are designed to compromise your account and personal information. Before you click on a link, ask yourself these questions.

Read Full Article
> Texting Scams: Five Ways to Avoid Smishing in 2021

Texting Scams: Five Ways to Avoid Smishing in 2021

Guest Blog by Jacinta Tobin, Vice President of Cloudmark Operations for Proofpoint. Mobile and email messaging volumes continue to increase globally, and in 2021 the amount of mobile messaging traffic in particular doesn’t show any signs of slowing down. Billions of text messages are sent each day worldwide and threat actors are actively targeting users—and […]

Read Full Article
> 3 Common Disaster Scams

3 Common Disaster Scams

When disaster strikes a town, city, or state it can leave behind many broken pieces. Permanent damage to schools, environmental problems in an ecosystem, and potentially life threatening public health issues can make people incredibly vulnerable after the storm, but many people don’t consider what can happen online. Cybercrime and online fraud often increase in […]

Read Full Article

Branding