What is a Phishing Attack?
A phishing attack happens when a cybercriminal sends you an email to trick you into sharing sensitive information like credit card numbers, usernames, passwords, or other security details. These emails often lead you to fake websites where you unknowingly enter your login information, giving criminals access to the real site. Additionally, phishing emails or the fake sites they link to may contain malicious software that can infect your device and enable a larger cyber attack.
Sharing Your Experience
We aim to better understand the impact of phishing attacks on individuals like you. Please share your experience by filling out this Impact form will help us protect future victims.
How to Recognize a Phishing Email
Phishing emails used to be easy to spot. Think of the classic example: an email from a "Nigerian Prince" promising wealth. Cybercriminals, however, have become much more sophisticated. They now put significant effort into making their emails look like they come from trusted sources, such as friends or official organizations like banks.
How to identify phishing emails:
Sender's Email Address: Always check the email address of the sender. Criminals often use public email addresses like gmail.com, which might not match the organization they’re pretending to be.
Requests for Personal Information: Legitimate organizations will never ask for sensitive information, like bank details or passwords, via email. Be wary of such requests.
Unexpected Attachments: Do not open attachments from unknown senders or unexpected emails, as these could contain malware.
Sense of Urgency: Phishing emails often create urgency, such as claiming your account has suspicious activity or that someone you know needs financial help. Verify these claims directly using contact information you already have.
Suspicious Links: Hover over links to see the true URL. Watch out for slight misspellings or unexpected addresses.
Poor Writing: Phishing emails often have poor spelling and grammar, or a writing style different from what you’d expect from the sender.
Free Phishing Email Check Service
If you're unsure about an email, we offer a free phishing email check. Share the suspicious email with us, and our volunteers will review it using advanced email analysis software. They’ll then provide their opinion and next steps.
What to Do If You've Fallen for a Phishing Scam
It’s easy to fall for phishing scams, even for experts. Here’s what to do if it happens:
Take your device offline: Disconnect from the internet to limit the malicious software’s ability to spread.
Change your passwords: Use a different device to change passwords for any accounts accessed from the compromised device.
Contact the impersonated organization: Report the attack, change your passwords, and follow their instructions.
Scan for malware: Use antivirus software to check your device for malicious software.
Monitor for identity theft: Keep an eye on your financial statements for unauthorized activity.
Where to Report a Cybercrime
You can report to the email to the FTC at reportphishing@apwg.org.
The US Cybersecurity and Infrastructure Security agency (CISA) at phishing-report@us-cert.gov.
Email clients: your email client my have a report junk/phishing feature and block sender option.
Avoiding Future Phishing Scams
Be suspicious: Question every email.
Trust your instincts: If something feels off, it probably is. Verify directly with the supposed sender.
Never share personal information via email: Legitimate organizations won’t ask for this information.
Type URLs directly: Don’t click links in emails. Go to the organization’s website manually.
Verify phone numbers: Check any numbers provided in an email against the organization's official website.
Be Good at Security: Consider using sites like Secure our World and FBI SOS! to improve your understanding of online security. The more secure you are, the more likely cybercriminals will move on to easier targets.
Support our Blog
If our blog helped you resolve your cyber issue, we kindly ask you to consider making a "pay it forward" contribution. Your support enables us to continue providing updated cyber solutions for you and others.
