Get An Auto Insurance Quote

Find out if you're eligible to save hundreds on your car insurance.


Phishing Scams and How to Avoid Them

Sarita Harbour

There are new criminals in town, and they may be as close as your laptop or smartphone. These digital fraudsters are experts in what’s known as phishing—a practice by which internet fraudsters impersonate businesses to try to trick victims into sharing sensitive personal information. This includes login and password details, bank account information, or even social security numbers. The cyber-crooks then use these details to perpetrate crimes such as identity theft and fraud.

Phishing scams are a fast-growing form of cybercrime. According to the Anti-Phishing Working Group, Inc., the number of phishing scams doubled over the course of the year 2020. And phishing also tops the IRS “Dirty Dozen” list of tax scams, impacting everyone from payroll and tax professionals to unsuspecting taxpayers themselves.

Older individuals are especially at risk for phishing scams. The Stanford Center on Longevity reports that those over age 65 are 34% more likely to fall victim to a “phishing expedition” than those in their 40s.

How many types of phishing scams are there and how can you protect yourself against them? Here’s what you need to know.

Email Phishing Scams

Although all phishing methods involve fooling unsuspecting victims into revealing their sensitive personal and/or financial information, there are two broad email phishing methods:

  • Mass-scale phishing seeks a wide range of victims
  • Spear phishing targets a much smaller group

Mass-Scale Phishing Scams

This is the most common form of phishing—mass emails sent to a broad range of victims. Characteristics of mass-scale phishing emails include:

  • A sender name and/or domain that sound almost, but not-quite legitimate: The sender name may be similar to a well-known brand or company name, such as your bank’s name. For example, instead of “Bank of America” the sender name may be “Bank in America.”
  • An impersonal greeting: Phishing emails often do not address you by name, but instead include a salutation like “Dear Sir/Madam.”
  • Poor grammar and spelling: This happens frequently in the body of phishing emails.
  • Urgency or scare tactics: Messages may try to spark a sense of urgency or use phrases to try to scare readers, such as “Your account is past due, you must act immediately.”
  • May imitate a legitimate brand, company, financial institution, or entity: This includes re-creating the real company’s logo on the scam email.
  • A zip file attachment: When you click on these, a malicious file downloads onto your computer.

Spear Phishing

A more customized form of phishing, spear phishing focuses on a smaller, more targeted group of victims and often uses personal details to make email correspondence seem legitimate. These emails appear to come from individuals or businesses you’re familiar with. Signs an email could be a spear phishing expedition include:

  • Personalized email messages: These often use your name in the greeting line, instead of a general salutation, such as “Dear Sir/Madam.”
  • A reference to personal details: This could include the name of a co-worker. Be particularly wary if the co-worker’s name is misspelled or job title is inaccurate, as these could be signs of a spear phishing email. For example, if Jayne Smythe is your company’s HR Director don’t assume it’s an innocent typo if the email refers to “your HR Manager, Jane Smith.”
  • Spoofed links to websites: These can look legitimate but are really sites that collect your personal information for criminals to access later.

Protect Yourself From Phishing Expeditions

As email phishing scams become more widespread, take these precautions to protect yourself from being caught in this criminal net:

  • Don’t reply to any suspicious emails.
  • Install anti-virus and anti-malware security software on your computer and set it to update automatically.
  • Don’t click on links within emails asking you to provide or verify information.
  • Use caution when opening email attachments as they could contain malicious files sent to infect your computer. Do not click on email attachments from senders you’re not 100% sure of!
  • Don’t include any personal information (especially your login/password details, financial information or Social Security Number) within an email.

How To Report Phishing

The Federal Trade Commission recommends taking the following steps to report phishing:

Step 1: If you got a phishing email, forward it to the Anti-Phishing Working Group at If you got a phishing text message, forward it to SPAM (7726).

Step 2: Report the phishing attack to the FTC at

Phishing Goes Beyond Email

Phishing has evolved far beyond email. Watch out for these scams.


The term vishing combines the words “voice” and “phishing” to describe phone calls meant to trick unsuspecting victims into revealing their personal information. And vishers are clever, sometimes using information from social media profiles to make it sound as though the call is legitimately coming from a bank, a credit card company or even from the IRS. In fact, the Treasury Inspector General for Tax Administration (TIGTA) reports that they are aware of more than 10,000 individuals who’ve paid over $54 million in bogus tax bills from October 2013 through 2017 as a result of phone scams!

Characteristics of a vishing call may include:

  • A “Too good to be true” offer
  • Fear tactics or threats, much like those in email phishing
  • A blocked or altered phone number from the caller

If you suspect you’re on the line with a possible visher, hang up. If the caller claimed that they were calling from your bank or credit card company, call the phone number on your most recent statement or on the back of your credit or debit card to ask whether they’ve been trying to contact you. Your financial institution should have a record of the call if it was legitimate.

The IRS does not call taxpayers to demand payment, nor does it ask for your debit or credit card information over the phone. If you suspect that a scammer is posing as a representative of the IRS, hang up immediately and contact TIGTA at (800) 366-4484 to report it. Alternatively, use the IRS Impersonation Scam Reporting site.


Smishers contact victims via SMS (text) messages in an attempt to gain access to personal information. Hallmarks of smishing include:

  • Unsolicited texts from unknown phone numbers
  • Texts that come from numbers that aren’t 10 digits, such as a 5000 number
  • Incomplete details about your personal information, such as a few digits from your bank or credit card
  • Links to spoofed sites in the body of the text
  • Some smishers use an email service when they text victims to mask their own identities. In this case, instead of seeing a sender’s phone number, you’d see an email address.

If you receive a text that seems suspicious, avoid clicking on any links included in the copy. If the sender claims to be from your bank or credit card company, immediately contact your financial institution using the number on the back of your credit or debit card (not the number in the text nor on any websites linked within the text). You’ll want to confirm that the text came from them.

Social Media Phishing

If you’re on Facebook or other social media networks, you may receive a duplicate friend request from someone you’re already friends with on the platform. Chances are a social media phisher is casting a line. Watch for these signs of social media phishing:

  • A notification that a contact has set up a new social media account to replace their previous one
  • Private messages from your contacts asking you to click on links within the messages. These links could point to spoofed sites where criminals will try to steal your personal information.
  • Fake posts right in your newsfeed asking you to click on a link to provide your personal details
  • Suspicious posts or messages from “admins” of the platform

Be vigilant when using social media. If you receive a duplicate friend request, don’t click on it or accept it. Instead, try to contact your friend via a different method, like phone or text, to let them know you’ve received a second friend request. And don’t click on any suspicious links in messages, posts or status updates.


The word pharming combines phishing with farming and it’s yet another form of cybercrime. When pharming, fraudsters secretly install malicious code on a computer or server to direct traffic away from a real website to a fake website. The fake website can send malware to visitors’ own computers or collect personal information. Criminals can use your information for a variety of fraudulent and illegal activities, such as:

  • Applying for credit cards, loans or even mortgages
  • Using victims’ own credit card accounts to make online purchases

To help avoid becoming a pharming victim, always check that you’re visiting a secure site. Look for an “s” at the end of “http” in the URL address in your browser bar, as well as a little padlock symbol at the bottom of your browser page to confirm security. You should also install anti-virus and anti-malware software on your computer, tablet and smartphone. And as with other forms of phishing, never click on suspicious links.

As a computer and smartphone user, the best way to protect yourself from phishing scams is to become familiar with their many forms. Know what to watch for and never open attachments, click on links or respond to unsolicited communications if anything seems even a little off. When it comes to phishing, it’s better to play it safe in order to protect your personal information and avoid becoming yet another fraud or identity theft victim.

Have you run into any phishing scams recently? Share your experience and any tips you have for avoiding them below.

READ MORE: From Passwords to Photos: How to Manage Your Digital Life

42 Responses to "Phishing Scams and How to Avoid Them"
    • Kathleen Mautz | September 14, 2021 at 4:30 pm

      I get fraudulent texts every day. The most common are DMV, Insurance, and even COVID is used. They state I have various amounts of money coming to me but I must contact them immediately. Phine# is different on each message as is the $ amount I am owed. Look for the change of #’s and the “Hooks” like money, awards, bonuses, gifts, etc. They use the “hooks” that make the most emotional impact including donations for victims of various tragedies. I also use RoboKiller to monitor phone calls!!

    • Michael Orenstein | August 31, 2021 at 1:49 pm

      Excellent explanation and advice. We no longer answer our phone., unless we know the number. Because we get so many bogus calls, we’ve turned off the ringer, and the only clue we’re getting a call is either on the tv, blinking light on the phone, or the beep from our answering machine.

    • Joann Kutrik | August 31, 2021 at 12:09 pm

      I have been receiving porn emails on my computer over the summer and, now, today I received a porn site msg on my phone. I have been ignoring them, but would definitely like to
      know who to report them to. I have the full email address and text info still on my smart phone.

      • Extra Mile Staff | August 31, 2021 at 3:46 pm

        Joann – Thanks for reading. The Federal Trade Commission recommends taking the following steps to report phishing:

        Step 1: If you got a phishing email, forward it to the Anti-Phishing Working Group at If you got a phishing text message, forward it to SPAM (7726).

        Step 2: Report the phishing attack to the FTC at

    • Jane M Gudim | August 31, 2021 at 11:44 am

      I got an email from Microsoft saying they were going to charge me $399 if I didn’t call them right away. I called and the gave them my personal information. Then I tried to back out of it and drove to my bank and talked to them. I also got Microsoft’s phone number from a friend and call they never returned my call. So far everything is OK no back lash. I feel really stupid. This happened in July 2021

    • Lee A Laird | August 30, 2021 at 3:09 pm

      check my insurance to see if you can improve the cost of my insurance

      • Extra Mile Staff | August 31, 2021 at 11:10 am

        Lee – Thanks for reading. Give us a call to see how we can help you save on your home and auto insurance. Call 888-413-8970 anytime Monday through Friday from 9 a.m. to 6 p.m. ET to see what discounts you’re eligible for.

    • N.M. | August 30, 2021 at 2:30 pm

      I filled a quote request at TRAVELLERS INSURANCE site.
      Then I got an open email from a local TRAVELLERS INSURANCE agent stating that my quote request will be fulfilled soon with my complete personal information exposed.
      I am wondering to whom to complain – BBB or Federal Trade Commission?

    • bessie M shavers | August 29, 2021 at 1:54 pm

      I was once caught up in a ‘fix your computer scam’ based on my belief of a message from microsoft. fortunately I paid with a credit card and was able to recoup the payment. NEVER AGAIN

    • Janet Marie Clawson | August 29, 2021 at 8:37 am

      Recently I ordered used books from Amazon. Within days, someone had my debit card numbers and was using it to pay for UberEats in San Francisco, California. Never been to California. Immediately contacted my bank. When I attempted to contact Amazon, I was sent a nasty email and was the one accused of stealing. When I talked with my banker she said the same thing, as she had identity thief 4 times. Scary when someone experienced in banking is scammed.

    • Debbie Villemaire | August 29, 2021 at 2:27 am

      Just the other day I got a call from Amazon letting me know a purchase was made by me for a new phone and it was being delivered to Florida. Well of course I did t order a phone so I was told to press #1 for a rep. When a rep cane in my phone they asked me what kind of computer I was using. Well I said none, just my phone…the rep hung up on me

    • Terry Eller | August 28, 2021 at 10:40 pm

      Just received an email to “Dear Customer, “kindly download your attach receipt.” and that $240.52 is going to be withdrawn from my credit card for a gift card. All I need to do is click on the download. I have not ordered any gift cards. I have McAfee security. Is there any way I can notify them?
      I will delete the email.

    • Peter Boharski | August 28, 2021 at 9:06 pm

      I got caught with a scam for an add for a hubless e- bike that was on sale for short time. I watched a full video of the bike and was impressed with the bike after watching the video and ordered one and payed for it with a credit card through Pay Pal. Not knowing much about bikes I thought the asking price was a good sale @ $79.90. I never received the bike. After a period of I started to research the company that Pay Pal sent the payment to. That was when I found it was a scam. I contacted my credit company and closed the account and opened a new one with the same company but with a new account number. I’m pretty sure I caught the scam quick enought. But my credit card company will watch both the old account and the new account just in case. It was a dumb thing on my account and I learned a good lesson.

    • Linda S Alleman | August 28, 2021 at 8:19 pm

      Constantly getting texts that I am to receive a refund, I know this is a scam.
      Also, texts about a pkg needs to be delivered but needs more info.
      Email as well. I can block or report as phishing for emails, but can’t block a text.
      Have ATTSpam, and do send to them with the phone no., but don’t if they do anything.

    • Charlotte Tanner | August 28, 2021 at 8:03 pm

      There have been lots of scams sent my way over the years.
      IRS is one of my favorites. I call them out. FBI is another one. SS is another one. I call of them to make sure my as isn’t messed up.

    • Cathy Manring | August 28, 2021 at 5:16 pm

      I don’t know if this is the correct place to ask a question or not, but here goes. For the past few weeks, we have been receiving different pieces of mail addressed to a certain person using our correct address. These have been from credit card companies, loan companies, and even Home Depot. We turn them back to our carrier with not at this address on the front. I am worried that this person is trying to open other accounts. Why would someone use our address?

    • Harry D | August 28, 2021 at 4:26 pm

      Great info – putting what’s happening to a lot of us into meaning… well done. Please everyone – use an antivirus… and not the free stuff… you get what you pay for…

    • Jim Aubel | August 28, 2021 at 3:51 pm

      Just had one today wireless caller Ft Crocket Tx
      Recorded call saying my Amazon account has a $700 charge that they believe erroneous please press 1 to talk to them.I hung up & blocked the#

    • Gary Boyer | August 28, 2021 at 3:31 pm

      I had an email from “Amazon” about a purchase I did not make. I called the number shown in the email ( that was supposed to be Amazon) and was told the money would be credited to my bank account. They wanted me to turn over control of my computer to them and then give my bank password so they could credit my account. That aroused my suspicion so instead, I went to my amazon account, checked recent orders and found no such item was charged to it. Since that time I’ve had one other similar email.

    • Ken anderson | August 28, 2021 at 3:20 pm

      I get telephone calls all the time in my IPhone. If they are not recognized by my directory of names or is blocked I don’t pickup. My new IPhone SE puts any calls with no name in the trash can suspected scam header for me to review.

    • Constance DECKER | August 28, 2021 at 3:17 pm

      Thank you for the info. I have bn a victim of fraud many times. I never answer calls from unknown contacts!

    • Blair Meeks | August 28, 2021 at 2:41 pm

      How do I notify a FB friend that I got a PM supposedly from him, which I think is fake? I did not click on the link. I do not have his email address or phone. Do I need to tell him he has been hacked? If not, how did they get on his FB account to send a message?

    • Adrienne Jacoby | August 28, 2021 at 12:37 pm

      I SO appreciate this article. Thank you!
      Just yesterday I received an email from AmazomCom. I noticed it was an irregular format so I didn’t open or respond to the given phone #. It was telling me my Mac computer had just shipped and my card had been charged with $5K+. First of all, I don’t have that much headroom on my credit card, secondly, the format was irregular….but the logo and the body sure looked legit.

    • Rex E Fuller | August 28, 2021 at 12:15 pm

      Interestingly …. I recall reading somewhere that a large majority of ‘scams’ actually come from outside the country … that is outside the borders of the USA. Once they have your information, chances are good that its going on the worldwide ‘dark-web’. Then your privacy life becomes much more difficult to manage.

    • Ginger Jane Petrick | August 28, 2021 at 12:07 pm

      I want to thank you for this article about avoiding phishing and other scams.

      No need to respond. Just letting you know this was a helpful article.

      • Extra Mile Staff | August 31, 2021 at 10:14 am

        Ginger – Thanks for reading!

    • Brenda Weatherspoon | August 28, 2021 at 12:05 pm

      I shop online with Walmart and constantly receive text messages alleging to be from Walmart. I call Walmart to see if they are trying to contact me. The text messages always have a link for me to click on, but I WILL NOT click on links inside these text messages.

      I’ve also received text messages from AT & T which is my cell phone provider. Those links also have links inside the text message for me to click on, but I do not click on them. I always call to see if they were indeed trying to contact me.

    • Carolyn DeFigueroa | August 28, 2021 at 11:21 am

      I was told they won the lottery and want to share it because of the covid pandemic.
      They need a copy of my driver’s license front and back to get my money
      I did not send any info
      I get this 3 x a week

    • alice | August 28, 2021 at 11:12 am

      I keep getting an email from Windows Defender Order; Order confirmation, Microsoft, about a subscription I never ordered for $399.00 a year.

      I never ordered anything from them. I don’t click on anything in the email; I either delete or mark it as Spam; but they still come once a day;
      How do I get rid of these??
      Thank you

    • Gil | August 28, 2021 at 10:42 am

      One way that I verify if an email is legitimate, which was not mentioned in your article, is from the address of the sender which is always displayed in the email. For example, if I get an email from my credit card bank, even if it has the correct logo and all, it is not going to be sent from a ‘ account. It will at least be sent from the domain of the credit card company. It is just a quick test you can do to see if the notice came from a legitimate email account – if not I click delete. Thanx for the article.

    • Sonia Murray | August 28, 2021 at 10:20 am

      Got hooked, broke the line, but am still smarting from the hook. Clicked on what appeared to be a legitimate e-mail from PayPal – “you have money, check your account.” Unable to access, pictures of motorcycles and bicycles to click on, then a phone number with no answer, then Customer Service – an Indian broken voice, very helpful, sorry about the problem, we are reconnecting you – next thing my bank account was on the screen, the thief trying to get $499 out; I screamed and broke the connection. He got nothing, but my bank account was compromised; my bank had to close it and open a new account. Next, working the hook out of my jaw… notifying Social Security, military annuity, all utilities, my broker and credit card issuers of the new account number. My computer was in the shop for days, for scrubbing. So much trouble that rotten thief caused, not only to me, but to everyone else who had to do paperwork!
      I thought I had done something wrong by clicking on the link – but since then have had legitimate emails from Discover and CapitalOne Visa that went straight to my account through Norton’s password manager, nothing wrong. All I can say is, be careful!

    • James F Sefcik | August 28, 2021 at 10:16 am

      If there an email address that I can forward these phishing messages to so that they can be investigated?

    • Dee | August 28, 2021 at 10:14 am

      Recently we’ve received phone calls which appear as our own phone number on our cell or landline. Don’t answer. One pretended to be our cell phone service provider and said our service would be discontinued, then asked for billing information. We are now letting all calls go to voicemail unless we recognize the caller. If it might be important, we call back at a number we know to be legitimate.

    • Dianne Murphey | August 28, 2021 at 10:08 am

      You present excellent information ~ I have been so hoping you would do this!

      I receive multiple telephone calls and texts each day (12-30). My phone is set to “screen” calls not in my Contact List. It asks, as an outgoing message, for the Caller’s reason for calling and records their answer.

      All scammers hang up and then I go into my phone and “Block” the source number.

      A bit messy and worrisome yet effective.

      Many thanks for your very helpful guidance! Be safe, all.
      Di Murphey

    • FRANKLIN STEIN | August 28, 2021 at 9:44 am

      Phone companies and internet companies have little will or motivation to protect the consumer. It is all about income and revenue stream. The consumer has to be suspicious while the criminals get off without penalty. The criminals feed on the naivety of some and the cognitive slippage due to age!
      Ransomware is bribery yet companies pay off the criminals.

    • sam barnes | August 28, 2021 at 9:39 am

      You should have also included, Desktop computers and land line phones. I get 98% of the scams people are running on my Desktop and land line phone. Not cell phone or laptop. I do believe most older people have landline phone and Desktop and these are the most people who scams are directed to. Here’s what you said.

      There are new criminals in town, and they may be as close as your laptop or smartphone.

    • Vanessa | August 28, 2021 at 3:55 am

      I got an email from AMAZON that an item was to arrive on 8.30.21; something to do w electronic games. The cost $500++. I called Amazon, they don’t answer. Robo call said my balance was $0 I checked my bank account to ck my amazon card balance and it was $0. I now realize I have to b very proactive on the internet accts I have, especially bank accts.

    • Carl Stude | August 27, 2021 at 3:18 am

      You are correct that poor grammar and spelling are common indicators of scam communications. While I am confident that this e-mail is legitimate, it contains a similar error in referring to “perpetuate” crimes rather than “perpetrate” crimes.

      • Extra Mile Staff | August 27, 2021 at 6:38 am

        Carl – Thanks for reading. You’ve got a good eye! We just corrected this error. Thanks!

    • Ed glosup | August 26, 2021 at 10:19 am

      We get these phone calls all the time. At least 6 to ten a day. Pitiful.

      • TOMMY L HILL | August 28, 2021 at 2:47 pm

        I Ajways get msg from someone pretending to be in the Military in a seinor officer with millions for me to send 4 to 5 thousand dollars so the money can be released SCAM.

Leave a Reply

Disclaimer: Comments are subject to moderation and removal without cause or justification and may take up to 24 hours to be seen in comments. Your email address will not be published. Required fields are marked * Please do not include personal policy information; if you have questions or concerns regarding your policy with The Hartford, please log into your account or you can speak directly to a Customer Service Representative.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.