Phishing Scams: How to Spot Them and What to Do

Don’t get caught by these popular scams

Businesswoman working in the office
••• filadendron / Getty Images

Phishing scams are now a part of everyday life, and most people are familiar with basic phishing approaches. Still, con artists continue to evolve and use smarter tactics, so it’s crucial to stay alert. The consequences of falling victim to a phishing scam include financial loss and endless hours of administrative work.

Learn more about phishing schemes and how to avoid them.

What Are Phishing Scams?

Phishing scams attempt to gather valuable information. In the traditional form, scammers send a mass email to every address they can find. Today, text messages and voicemails are also used for phishing. Typical examples include:

  • Update your information: A message appears to come from a bank, financial institution, or account. The email states that you should update your information (like your password) for some reason, and they usually provide a link that you can click to do so.
  • Order confirmation: A well-known online merchant sends a message saying your order was processed—but you don’t know anything about the order. The message provides a link for you to log in and view your order details.

While those messages may look legitimate, don’t take the bait. The link provided doesn't take you to a legitimate company website. Instead, you submit your information to hackers, who use the information or sell it.

Over 100,000 people submitted complaints to the FBI's Internet Crime Complaint Center about phishing in 2019.

Why Phishing Scams are Dangerous

Thieves can gather a lot of valuable information with a phishing scam. First, they can obtain account numbers and passwords to your bank, credit cards, or store accounts. Then, they can try to hijack your assets. Some phishing scams ask for personal information like your Social Security number, mother’s maiden name, and date of birth, so they can steal your identity and open credit accounts. Victims of phishing scams who give up their credit card numbers may find that somebody used the card fraudulently.

Why People Fall for Phishing Scams

Although you might associate phishing attempts with poorly spelled emails, they've evolved beyond that. A sophisticated phishing scam can trick almost anybody. They use a variety of tricks to make the message look legitimate. For example, they might steal bank graphics and terminology from actual bank email messages or websites. Or the link provided in the email may appear to go to the bank’s website, but victims actually arrive at a different site.

How to Spot Phishing Scams

Uncovering most scams is easy. For example, if you get an email from a bank you don’t have an account at, you'll likely ignore it. But if you actually have an account at the institution, it gets more challenging.

Review messages carefully to determine if they’re legitimate. Are words misspelled? Is there poor grammar? Are you addressed by name or does it use a generic greeting like "Dear Customer"?

Scrutinize the link provided. Does it really go where it appears to go? To determine that:

  1. Copy and paste the link (don’t click it) to your address bar. However, you can still get tricked by URL’s that look legitimate but have one or two letters switched.
  2. Right-click (or tap and hold on certain mobile devices) and copy the link location. Review that carefully before you follow the link.

If you're unsure whether you've received a legitimate email or text, visit the company's website directly by typing in the website address. Log into your online account to see if there are any messages. You can also contact the company using a legitimate phone number (not a phone number included in the phishing message).

The best way to avoid problems is to remain skeptical and use your judgment. Financial institutions do not contact you and ask you to provide sensitive information via email.

What to Do if You Get Tricked by a Phishing Scam

Here's what to do if you fall for a phishing email or text:

  • Notify your financial institution immediately so they can freeze your account and monitor their systems.
  • Consider freezing your credit or setting a fraud alert on your credit report by contacting the major credit bureaus (Equifax, TransUnion, and Experian).
  • Consider credit monitoring so that you improve the chances of stopping identity theft.
  • Keep a close eye on your mail and your accounts. If statements stop showing up or if you see unusual activity, call your bank immediately.
  • Be especially cautious going forward. Scammers may come back to you believing you’re an easy mark.
  • Don’t assume that thieves will take action immediately. They may hold your information for months or years before doing anything with it.
  • File a complaint with the FBI's Internet Crime Complaint Center.
  • Visit IdentityTheft.gov for additional steps to take to protect your identity.

Do Your Part to Stop Phishing Scams

Even if you haven't fallen for phishing scams, you can help prevent them. If you receive a suspicious email, report it. You can send it to phishing-report@us-cert.gov or forward texts to SPAM (7726). You should also click the “Report as Junk” (or similar) button on your email program.

Article Sources

  1. Internet Crime Complaint Center. "2019 Internet Crime Report," Page 19. Accessed Dec. 27, 2020.

  2. Federal Trade Commission. "How to Recognize and Avoid Phishing Scams." Accessed Dec. 27, 2020.

  3. Cybersecurity and Infrastructure Security Agency. "Report Phishing Sites." Accessed Dec. 27, 2020.