Skip to main content

What you need to know about phishing

You get an email that looks like it’s from someone or a company you know and deal with regularly. The email asks you to click on a link to update your account. Should you click? Or maybe it looks like it’s from your boss and asks for your network password. Should you reply? In either case, probably not. These may be phishing attempts.

How phishing works

You get an email or text and it seems to be from someone your know, and it asks you to click a link, or give your password, business bank account, or other sensitive information.

It looks real

It’s easy to spoof logos and make up fake email addresses. Scammers use familiar company names or pretend to be someone you know.

It’s urgent

The message pressures you to act now – or something bad will happen.

What happens next

If you click on a link, scammers can install ransomware or other programs that can lock you out of your data. If you share passwords, scammers now have access to your accounts.

What you can do

Before you click on a link or share any of your sensitive information, check it out first. Look up the Web site or phone number for the company or person behind the text or email. Make sure that you’re getting the real company and not about to download malware or talk to a scammer.

Make a call if you’re not sure

Pick up the phone and call that company, colleague, or client who sent the email. Confirm that they really need information from you. Use a number you know to be correct, not the number in the email or text.  You can also forward phishing emails to [email protected] (an address used by the Federal Trade Commission or to [email protected] (an address used by the Anti-Phishing Working Group). Let the company or person that was impersonated know about the phishing scheme. Report it to the FTC at FTC.gov/Complaint.