Don't Get Caught by Phishing Scams

How Phishing Scams Work

Phishing scams are now a part of everyday life, and most people are familiar with basic phishing approaches. But con artists continue to evolve and use smarter tactics, so it’s crucial to stay alert. The consequences of falling victim to a phishing scam include financial loss and endless hours of administrative work.

Overview of Phishing Scams

Phishing scams attempt to gather valuable information. In the traditional form, scammers send a mass email to every address they can find. Typical examples include:

  • Update your information: A message appears to come from a bank or financial institution. The email states that you should update your information (like your password) for some reason, and it usually provides a link that you can click to do so.
  • Order confirmation: A well-known online merchant sends a message saying your order was processed—but you don’t know anything about the order. The message provides a link for you to log in and view your order details.

Other varieties exist, and new ones pop up every day.

While those messages may look legitimate, don’t take the bait. The link provided never takes you to a legitimate company website. Instead, you submit your information to hackers, who use the information or sell it.

Advice for Victims of Phishing Scams

If you get tangled up in a phishing scam, you need to be vigilant.

  • Notify your financial institution immediately so they can freeze your account and monitor their systems.
  • You may also want to freeze your credit or set a fraud alert on your credit report by contacting the major credit bureaus.
  • Consider credit monitoring so that you improve the chances of stopping identity theft.
  • Keep a close eye on your mail and your accounts. If statements stop showing up or if you see unusual activity, call your bank immediately.
  • Be especially cautious going forward. Scammers may come back to you believing you’re an easy mark.
  • Don’t assume that thieves will take action immediately. They may hold your information for months or years before doing anything with it.

Why Scammers Use Phishing Scams

Thieves can gather a lot of valuable information with a phishing scam. First, they can obtain your account number and password. Then, they can try to hijack your assets. Some phishing scams ask for all of your personal information (SSN, mother’s maiden name, date of birth, etc.) so that they can steal your identity and open credit accounts or buy valuables in your name. Victims of phishing scams who give up their credit card numbers regularly find that somebody used the card fraudulently.

Why People Fall for Phishing Scams

A sophisticated phishing scam can trick almost anybody. Rudimentary scams are easy to spot, but the best scammers are actually pretty smart. They use a variety of tricks to make the message look legitimate. For example, they might steal bank graphics and terminology from actual bank email messages or websites. Or, the link provided in the email may appear to go to the bank’s website, but victims actually arrive at a very different site.

When people are busy, they tend to hurry through things. Unfortunately, thieves take advantage of that.

How to Spot Phishing Scams

Uncovering most scams is easy. For example, if you get an email from a bank you don’t have an account at, then don’t follow the link and enter your personal information. But if you actually have an account at the institution, it gets more interesting.

Review messages carefully to determine if they’re legitimate. Are words misspelled? Sometimes scammers operate in a second language and they give themselves away by using poor grammar.

Scrutinize the link provided. Does it really go where it appears to go? For example, I could tell you that I’m giving you access to the government’s Top Secret Database at but if you click the link you’ll find that you arrive at a different site. The best ways to prevent that:

  1. Copy and paste the link (don’t click it) to your address bar. However, you can still get tricked by URLs that look legitimate but have one or two letters switched.
  2. Right-click (or tap and hold on certain mobile devices) and copy the link location. Review that carefully before you follow the link.

The best way to avoid problems is to remain skeptical and use your judgment. Financial institutions generally do not contact you and ask you to provide sensitive information via email. In fact, most institutions inform customers that “We will never ask you for your personal information via phone or email.”

How You Can Prevent Phishing Scams

Let’s all work together to prevent phishing scams. If you receive a suspicious email, report it. You can send it to the US Federal Trade Commission at, or you can just click the “Report as Junk” (or similar) button on your email program.