There are new criminals in town, and they may be as close as your laptop or smartphone. These digital fraudsters are experts in what’s known as phishing—a practice by which internet fraudsters impersonate businesses to try to trick victims into sharing sensitive personal information. This includes login and password details, bank account information, or even social security numbers. The cyber-crooks then use these details to perpetrate crimes such as identity theft and fraud.
Phishing scams are a fast-growing form of cybercrime. According to the Anti-Phishing Working Group, Inc., 2022 was a record year for phishing attacks with more than 4.7 million incidents reported. And phishing also tops the IRS “Dirty Dozen” list of tax scams, impacting everyone from payroll and tax professionals to unsuspecting taxpayers themselves.
Older individuals are especially at risk for phishing scams. The Stanford Center on Longevity reports that those over age 65 are 34% more likely to fall victim to a “phishing expedition” than those in their 40s.
How many types of phishing scams are there and how can you protect yourself against them? Here’s what you need to know.
Email Phishing Scams
Although all phishing methods involve tricking unsuspecting victims into revealing their sensitive personal and/or financial information, there are two broad email phishing methods:
- Mass-scale phishing seeks a wide range of victims
- Spear phishing targets a much smaller group
Mass-Scale Phishing Scams
This is the most common form of phishing—mass emails sent to a broad range of victims. Characteristics of mass-scale phishing emails include:
- A sender name and/or domain that sounds almost, but not quite, legitimate: The sender name may be similar to a well-known brand or company name, such as your bank’s name. For example, instead of “Bank of America” the sender name may be “Bank in America.”
- An impersonal greeting: Phishing emails often do not address you by name, but instead include a salutation like “Dear Sir/Madam.”
- Poor grammar and spelling: This happens frequently in the body of phishing emails.
- Urgency or scare tactics: Messages may try to spark a sense of urgency or use phrases to try to scare readers, such as “Your account is past due, you must act immediately.”
- May imitate a legitimate brand, company, financial institution, or entity: This includes re-creating the real company’s logo on the scam email.
- A zip file attachment: When you click on these, a malicious file downloads onto your computer.
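Several of the characteristics listed above can be checked automatically. The following Python code is an added example, not part of the original article: it tests a message for a look-alike sender, an impersonal greeting, urgency language and a zip attachment. The brand allow-list, the phrase lists, the function names and both sample messages are assumptions constructed for illustration.

```python
import difflib
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed allow-list for this example: brand name -> domain it really mails from.
KNOWN_BRANDS = {"Bank of America": "bankofamerica.com"}
# Assumed phrase lists, based on the wording quoted in the article.
GENERIC_GREETINGS = ("dear sir/madam", "dear customer")
URGENCY_PHRASES = ("past due", "act immediately")


def imitated_brand(display_name, domain):
    """Return the brand a sender imitates, or None if nothing looks off."""
    name = display_name.strip().lower()
    for brand, real_domain in KNOWN_BRANDS.items():
        on_brand_domain = domain == real_domain or domain.endswith("." + real_domain)
        similarity = difflib.SequenceMatcher(None, name, brand.lower()).ratio()
        # A name that matches or nearly matches the brand ("Bank in America")
        # is only acceptable when the mail comes from the brand's own domain.
        if similarity >= 0.8 and not on_brand_domain:
            return brand
    return None


def check_message(msg):
    """Return the mass-phishing indicators found in an EmailMessage, in list order."""
    findings = []
    display_name, address = parseaddr(str(msg["From"]))
    domain = address.rpartition("@")[2].lower()
    if imitated_brand(display_name, domain):
        findings.append("lookalike sender")

    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    lines = [ln.strip().lower() for ln in body.splitlines() if ln.strip()]
    if lines and lines[0].startswith(GENERIC_GREETINGS):
        findings.append("impersonal greeting")
    if any(phrase in body.lower() for phrase in URGENCY_PHRASES):
        findings.append("urgency language")

    if any((part.get_filename() or "").lower().endswith(".zip")
           for part in msg.iter_attachments()):
        findings.append("zip attachment")
    return findings


def build_message(sender, body, attachment_name=None):
    """Build a constructed sample message (not a real email)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "reader@example.org"
    msg["Subject"] = "Account notice"
    msg.set_content(body)
    if attachment_name:
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="zip", filename=attachment_name)
    return msg


# Constructed samples: one showing every indicator, one routine notice.
SUSPICIOUS = build_message(
    '"Bank in America" <alerts@bank-in-america.example>',
    "Dear Sir/Madam,\n\nYour account is past due, you must act immediately.\n",
    "statement.zip",
)
ROUTINE = build_message(
    '"Bank of America" <alerts@bankofamerica.com>',
    "Hello Jayne,\n\nYour monthly statement is ready.\n",
)

if __name__ == "__main__":
    print(check_message(SUSPICIOUS))
    print(check_message(ROUTINE))
```

A clean result only means none of these four indicators fired; spear phishing messages are written to avoid exactly these signs.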
Spear Phishing
A more customized form of phishing, spear phishing focuses on a smaller, more targeted group of victims and often uses personal details to make email correspondence seem legitimate. These emails appear to come from individuals or businesses you’re familiar with. Signs an email could be a spear phishing expedition include:
- Personalized email messages: These often use your name in the greeting line, instead of a general salutation, such as “Dear Sir/Madam.”
- A reference to personal details: This could include the name of a co-worker. Be particularly wary if the co-worker’s name is misspelled or job title is inaccurate, as these could be signs of a spear phishing email. For example, if Jayne Smythe is your company’s HR Director don’t assume it’s an innocent typo if the email refers to “your HR Manager, Jane Smith.”
- Spoofed links to websites: These can look legitimate but are really sites that collect your personal information for criminals to access later.
Protect Yourself From Phishing Expeditions
As email phishing scams become more widespread, take these precautions to protect yourself from being caught in this criminal net:
- Don’t reply to any suspicious emails.
- Install anti-virus and anti-malware security software on your computer and set it to update automatically.
- Don’t click on links within emails asking you to provide or verify information.
- Use caution when opening email attachments as they could contain malicious files sent to infect your computer. Do not click on email attachments from senders you’re not 100% sure of!
- Don’t include any personal information (especially your login/password details, financial information or Social Security Number) within an email.
How To Report Phishing
The Federal Trade Commission recommends taking the following steps to report phishing:
Step 1: If you got a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org. If you got a phishing text message, forward it to SPAM (7726).
Step 2: Report the phishing attack to the FTC at ReportFraud.ftc.gov.
Phishing Goes Beyond Email
Phishing has evolved far beyond email. Watch out for these scams.
Vishing
The term vishing combines the words “voice” and “phishing” to describe phone calls meant to trick unsuspecting victims into revealing their personal information. And vishers are clever, sometimes using information from social media profiles to make it sound as though the call is legitimately coming from a bank, a credit card company or even from the IRS.
Characteristics of a vishing call may include:
- A “Too good to be true” offer
- Fear tactics or threats, much like those in email phishing
- A blocked or altered phone number from the caller
If you suspect you’re on the line with a possible visher, hang up. If the caller claimed that they were calling from your bank or credit card company, call the phone number on your most recent statement or on the back of your credit or debit card to ask whether they’ve been trying to contact you. Your financial institution should have a record of the call if it was legitimate.
The IRS does not call taxpayers to demand payment, nor does it ask for your debit or credit card information over the phone. If you suspect that a scammer is posing as a representative of the IRS, hang up immediately and contact the Treasury Inspector General for Tax Administration (TIGTA) at (800) 366-4484 to report it. Alternatively, use the IRS Impersonation Scam Reporting site.
Smishing
Smishers contact victims via SMS (text) messages in an attempt to gain access to personal information. Hallmarks of smishing include:
- Unsolicited texts from unknown phone numbers
- Texts that come from numbers that aren’t 10 digits, such as a 5000 number
- Incomplete details about your personal information, such as a few digits from your bank or credit card
- Links to spoofed sites in the body of the text
- Some smishers use an email service when they text victims to mask their own identities. In this case, instead of seeing a sender’s phone number, you’d see an email address.
If you receive a text that seems suspicious, avoid clicking on any links included in the copy. If the sender claims to be from your bank or credit card company, immediately contact your financial institution using the number on the back of your credit or debit card (not the number in the text nor on any websites linked within the text). You’ll want to confirm that the text came from them.
Social Media Phishing
If you’re on Facebook or other social media networks, you may receive a duplicate friend request from someone you’re already friends with on the platform. Chances are a social media phisher is casting a line. Watch for these signs of social media phishing:
- A notification that a contact has set up a new social media account to replace their previous one
- Private messages from your contacts asking you to click on links within the messages. These links could point to spoofed sites where criminals will try to steal your personal information.
- Fake posts right in your newsfeed asking you to click on a link to provide your personal details
- Suspicious posts or messages from “admins” of the platform
Be vigilant when using social media. If you receive a duplicate friend request, don’t click on it or accept it. Instead, try to contact your friend via a different method, like phone or text, to let them know you’ve received a second friend request. And don’t click on any suspicious links in messages, posts or status updates.
Pharming
The word pharming combines phishing with farming and it’s yet another form of cybercrime. When pharming, fraudsters secretly install malicious code on a computer or server to direct traffic away from a real website to a fake website. The fake website can send malware to visitors’ own computers or collect personal information. Criminals can use your information for a variety of fraudulent and illegal activities, such as:
- Applying for credit cards, loans or even mortgages
- Using victims’ own credit card accounts to make online purchases
To help avoid becoming a pharming victim, always check that you’re visiting a secure site. Look for an “s” at the end of “http” in the URL address in your browser bar, as well as a little padlock symbol at the bottom of your browser page to confirm security. You should also install anti-virus and anti-malware software on your computer, tablet and smartphone. And as with other forms of phishing, never click on suspicious links.
As a computer and smartphone user, the best way to protect yourself from phishing scams is to become familiar with their many forms. Know what to watch for and never open attachments, click on links or respond to unsolicited communications if anything seems even a little off. When it comes to phishing, it’s better to play it safe in order to protect your personal information and avoid becoming yet another fraud or identity theft victim.
Have you run into any phishing scams recently? Share your experience and any tips you have for avoiding them below.
I had a call from Medicare about a new card. Is this a real thing?
This was very interesting. I have a company contacting me about a student loan and I am not sure if it is legitimate. I have not replied.
I couldn’t get Publisher’s Clearing House off my back until I did this. When they called again and told me I had won a new Mercedes convertible and wanted to know what color I wanted, I told them: “Oh no!!! Not again. I can’t find parking space for the five I’ve already won. Give it to the homeless. To them it would be a home but to me it’s just another car. Next time I win give me a Toyota Prius. Those big cars eat too much gas.”
Phone call calling you grandma or grandpa. Then they need money for some reason like being in jail or had an accident. Hang up immediately.
GREAT DETAILED INFO.
THANK YOU
Thank you for the information. Keep them coming.
On FB… ad said “Clarks” shoes, I fell for it but did not receive anything wearable and no return info.
You would think that “OUR” Government would have a group actively pursuing scammers etc. And be able to shut them down. BUT, if that were to happen it may make matters worse.
I get emails where they use random upper and lower case letters, such as: CosTco, AceHArdwaRe, etc. I never open them because they are so obviously fake. But I get 2-3 (at least) per day. I do not answer my phone if I don’t recognize the caller. I figure if it’s important, they’ll leave a message. They usually don’t.
Twice in the past year I’ve gotten messages on Facebook and when I clicked on them my computer immediately locked up. It gave instructions to call a number to get it restored. I remember a friend had the same thing happen and she actually paid $399 to unlock her computer. I called my daughter and she fixed it in seconds. Just had to press Ctrl Alt Delete at the same time and it was gone! If it happens to you just remember Ctrl Alt Delete and it wipes it out!
This article was really interesting and helpful. Thank you!
When you talk about incomplete email numbers do you mean such as:
pi******@gmail.com? I see a request to complete the email for verification often and Google will use this at times.
I’ve gotten a few texts from a shadowy person saying I have gifts waiting for me to claim. Haven’t opened any of the texts. In Miami it’s a shameful disease now.
I get fraudulent texts every day. The most common are DMV, Insurance, and even COVID is used. They state I have various amounts of money coming to me but I must contact them immediately. Phone # is different on each message as is the $ amount I am owed. Look for the change of #’s and the “Hooks” like money, awards, bonuses, gifts, etc. They use the “hooks” that make the most emotional impact including donations for victims of various tragedies. I also use RoboKiller to monitor phone calls!!
Excellent explanation and advice. We no longer answer our phone unless we know the number. Because we get so many bogus calls, we’ve turned off the ringer, and the only clue we’re getting a call is either on the TV, blinking light on the phone, or the beep from our answering machine.
I have been receiving porn emails on my computer over the summer and, now, today I received a porn site msg on my phone. I have been ignoring them, but would definitely like to know who to report them to. I have the full email address and text info still on my smart phone.
Joann – Thanks for reading. The Federal Trade Commission recommends taking the following steps to report phishing:
Step 1: If you got a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org. If you got a phishing text message, forward it to SPAM (7726).
Step 2: Report the phishing attack to the FTC at ReportFraud.ftc.gov.
I got an email from Microsoft saying they were going to charge me $399 if I didn’t call them right away. I called and then gave them my personal information. Then I tried to back out of it and drove to my bank and talked to them. I also got Microsoft’s phone number from a friend and called; they never returned my call. So far everything is OK, no backlash. I feel really stupid. This happened in July 2021.
check my insurance to see if you can improve the cost of my insurance
Lee – Thanks for reading. Give us a call to see how we can help you save on your home and auto insurance. Call 888-413-8970 anytime Monday through Friday from 9 a.m. to 6 p.m. ET to see what discounts you’re eligible for.
I filled a quote request at TRAVELLERS INSURANCE site.
Then I got an open email from a local TRAVELLERS INSURANCE agent stating that my quote request will be fulfilled soon with my complete personal information exposed.
I am wondering to whom to complain – BBB or Federal Trade Commission?
I get good results with checking and reporting suspicious businesses to BBB; they are pretty reliable, and they also have a blog line like this one with tips and suggestions.
I was once caught up in a ‘fix your computer scam’ based on my belief of a message from Microsoft. Fortunately I paid with a credit card and was able to recoup the payment. NEVER AGAIN
Recently I ordered used books from Amazon. Within days, someone had my debit card numbers and was using it to pay for UberEats in San Francisco, California. Never been to California. Immediately contacted my bank. When I attempted to contact Amazon, I was sent a nasty email and was the one accused of stealing. When I talked with my banker she said the same thing, as she had identity theft 4 times. Scary when someone experienced in banking is scammed.
If Amazon did reply with a nasty e-mail, what were they upset about? I find this hard to believe without documentation that contains all the facts. That being said, you should follow up with Amazon; the public and Amazon customers deserve to be aware of any activity such as this, be it true.
Just the other day I got a call from Amazon letting me know a purchase was made by me for a new phone and it was being delivered to Florida. Well of course I didn’t order a phone so I was told to press #1 for a rep. When a rep came on my phone they asked me what kind of computer I was using. Well I said none, just my phone… the rep hung up on me.
Just received an email to “Dear Customer,” “kindly download your attach receipt,” and that $240.52 is going to be withdrawn from my credit card for a gift card. All I need to do is click on the download. I have not ordered any gift cards. I have McAfee security. Is there any way I can notify them?
I will delete the email.
I got caught with a scam for an ad for a hubless e-bike that was on sale for a short time. I watched a full video of the bike and was impressed with the bike after watching the video and ordered one and paid for it with a credit card through PayPal. Not knowing much about bikes I thought the asking price was a good sale @ $79.90. I never received the bike. After a period of time I started to research the company that PayPal sent the payment to. That was when I found it was a scam. I contacted my credit company and closed the account and opened a new one with the same company but with a new account number. I’m pretty sure I caught the scam quick enough. But my credit card company will watch both the old account and the new account just in case. It was a dumb thing on my account and I learned a good lesson.
Constantly getting texts that I am to receive a refund, I know this is a scam.
Also, texts about a pkg needs to be delivered but needs more info.
Email as well. I can block or report as phishing for emails, but can’t block a text.
Have ATTSpam, and do send to them with the phone no., but don’t know if they do anything.
There have been lots of scams sent my way over the years.
IRS is one of my favorites. I call them out. FBI is another one. SS is another one. I call of them to make sure my as isn’t messed up.
I don’t know if this is the correct place to ask a question or not, but here goes. For the past few weeks, we have been receiving different pieces of mail addressed to a certain person using our correct address. These have been from credit card companies, loan companies, and even Home Depot. We turn them back to our carrier with not at this address on the front. I am worried that this person is trying to open other accounts. Why would someone use our address?
Great info – putting what’s happening to a lot of us into meaning… well done. Please everyone – use an antivirus… and not the free stuff… you get what you pay for…
Just had one today wireless caller Ft Crocket Tx
Recorded call saying my Amazon account has a $700 charge that they believe erroneous, please press 1 to talk to them. I hung up & blocked the #.
I had an email from “Amazon” about a purchase I did not make. I called the number shown in the email ( that was supposed to be Amazon) and was told the money would be credited to my bank account. They wanted me to turn over control of my computer to them and then give my bank password so they could credit my account. That aroused my suspicion so instead, I went to my amazon account, checked recent orders and found no such item was charged to it. Since that time I’ve had one other similar email.
I get telephone calls all the time on my iPhone. If they are not recognized by my directory of names or are blocked I don’t pick up. My new iPhone SE puts any calls with no name in the trash can suspected scam header for me to review.
Thank you for the info. I have been a victim of fraud many times. I never answer calls from unknown contacts!
How do I notify a FB friend that I got a PM supposedly from him, which I think is fake? I did not click on the link. I do not have his email address or phone. Do I need to tell him he has been hacked? If not, how did they get on his FB account to send a message?
I SO appreciate this article. Thank you!
Just yesterday I received an email from AmazomCom. I noticed it was an irregular format so I didn’t open or respond to the given phone #. It was telling me my Mac computer had just shipped and my card had been charged with $5K+. First of all, I don’t have that much headroom on my credit card, secondly, the format was irregular….but the logo and the body sure looked legit.
Interestingly… I recall reading somewhere that a large majority of ‘scams’ actually come from outside the country… that is outside the borders of the USA. Once they have your information, chances are good that it’s going on the worldwide ‘dark-web’. Then your privacy life becomes much more difficult to manage.
I want to thank you for this article about avoiding phishing and other scams.
No need to respond. Just letting you know this was a helpful article.
Ginger – Thanks for reading!
I shop online with Walmart and constantly receive text messages alleging to be from Walmart. I call Walmart to see if they are trying to contact me. The text messages always have a link for me to click on, but I WILL NOT click on links inside these text messages.
I’ve also received text messages from AT & T which is my cell phone provider. Those links also have links inside the text message for me to click on, but I do not click on them. I always call to see if they were indeed trying to contact me.
I was told they won the lottery and want to share it because of the covid pandemic.
They need a copy of my driver’s license front and back to get my money
I did not send any info
I get this 3 x a week
I keep getting an email from Windows Defender Order; Order confirmation, Microsoft, about a subscription I never ordered for $399.00 a year.
I never ordered anything from them. I don’t click on anything in the email; I either delete or mark it as Spam; but they still come once a day;
How do I get rid of these??
Thank you
One way that I verify if an email is legitimate, which was not mentioned in your article, is from the address of the sender which is always displayed in the email. For example, if I get an email from my credit card bank, even if it has the correct logo and all, it is not going to be sent from a ‘so-and-so@gmail.com’ account. It will at least be sent from the domain of the credit card company. It is just a quick test you can do to see if the notice came from a legitimate email account – if not I click delete. Thanx for the article.
Got hooked, broke the line, but am still smarting from the hook. Clicked on what appeared to be a legitimate e-mail from PayPal – “you have money, check your account.” Unable to access, pictures of motorcycles and bicycles to click on, then a phone number with no answer, then Customer Service – an Indian broken voice, very helpful, sorry about the problem, we are reconnecting you – next thing my bank account was on the screen, the thief trying to get $499 out; I screamed and broke the connection. He got nothing, but my bank account was compromised; my bank had to close it and open a new account. Next, working the hook out of my jaw… notifying Social Security, military annuity, all utilities, my broker and credit card issuers of the new account number. My computer was in the shop for days, for scrubbing. So much trouble that rotten thief caused, not only to me, but to everyone else who had to do paperwork!
I thought I had done something wrong by clicking on the link – but since then have had legitimate emails from Discover and CapitalOne Visa that went straight to my account through Norton’s password manager, nothing wrong. All I can say is, be careful!
Is there an email address that I can forward these phishing messages to so that they can be investigated?
James – Excellent question! Here’s some information from the FTC that we will add to the article.
Recently we’ve received phone calls which appear as our own phone number on our cell or landline. Don’t answer. One pretended to be our cell phone service provider and said our service would be discontinued, then asked for billing information. We are now letting all calls go to voicemail unless we recognize the caller. If it might be important, we call back at a number we know to be legitimate.
You present excellent information ~ I have been so hoping you would do this!
I receive multiple telephone calls and texts each day (12-30). My phone is set to “screen” calls not in my Contact List. It asks, as an outgoing message, for the Caller’s reason for calling and records their answer.
All scammers hang up and then I go into my phone and “Block” the source number.
A bit messy and worrisome yet effective.
Many thanks for your very helpful guidance! Be safe, all.
Di Murphey
Phone companies and internet companies have little will or motivation to protect the consumer. It is all about income and revenue stream. The consumer has to be suspicious while the criminals get off without penalty. The criminals feed on the naivety of some and the cognitive slippage due to age!
Ransomware is bribery yet companies pay off the criminals.
You should have also included, Desktop computers and land line phones. I get 98% of the scams people are running on my Desktop and land line phone. Not cell phone or laptop. I do believe most older people have landline phone and Desktop and these are the most people who scams are directed to. Here’s what you said.
There are new criminals in town, and they may be as close as your laptop or smartphone.
I got an email from AMAZON that an item was to arrive on 8.30.21; something to do w electronic games. The cost $500++. I called Amazon, they don’t answer. Robo call said my balance was $0 I checked my bank account to ck my amazon card balance and it was $0. I now realize I have to b very proactive on the internet accts I have, especially bank accts.
You are correct that poor grammar and spelling are common indicators of scam communications. While I am confident that this e-mail is legitimate, it contains a similar error in referring to “perpetuate” crimes rather than “perpetrate” crimes.
Carl – Thanks for reading. You’ve got a good eye! We just corrected this error. Thanks!
We get these phone calls all the time. At least 6 to ten a day. Pitiful.
I always get msgs from someone pretending to be in the military as a senior officer with millions, for me to send 4 to 5 thousand dollars so the money can be released. SCAM.