Learn About Common Scams
Understanding how scams work is your first line of defense. Learn about common scam types and how to protect yourself.
Phishing Scams
Phishing is one of the most common and dangerous forms of online scams.
What is Phishing?
Phishing is a cybercrime where targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
Common Phishing Tactics
- Fake Emails: Emails that appear to be from legitimate companies but contain links to fake websites.
- Urgent Action Required: Creating a sense of urgency to make you act without thinking.
- Suspicious Attachments: Emails with attachments that contain malware.
- Fake Websites: Websites that look legitimate but are designed to steal your information.
Types of Phishing Scams
Phishing comes in several forms, each with unique characteristics:
Email Phishing
Mass emails that appear to be from legitimate companies requesting sensitive information.
Example: Emails claiming to be from your bank saying your account has been compromised.
Warning Signs:
- Misspelled sender domains (e.g., amazon-security@amaz0n.com)
- Urgent requests for personal information
- Poor grammar and formatting
Spear Phishing
Targeted phishing that uses personal information to make the attempt more convincing.
Example: Emails addressing you by name and mentioning your workplace or recent purchases.
Warning Signs:
- Contains accurate personal details that create a false sense of legitimacy
- Often targets business email accounts to request transfers or payments
- May impersonate your manager, CEO, or other authority figures
Smishing (SMS Phishing)
Phishing conducted via text messages rather than email.
Example: Text messages claiming to be from delivery services with links to "track packages".
Warning Signs:
- Texts from unknown numbers claiming to be businesses
- Messages with shortened URLs
- Requests to "verify" account details
Vishing (Voice Phishing)
Phone calls trying to trick you into revealing personal information.
Example: Calls claiming to be from your bank's fraud department asking to verify transactions.
Warning Signs:
- Callers who pressure you to act immediately
- Requests for PIN codes, passwords, or verification codes
- Automated messages claiming your accounts are compromised
Warning Signs of Phishing
- Emails or messages with poor grammar and spelling
- Requests for personal information
- Mismatched or suspicious URLs (hover over links to see where they really go)
- Generic greetings (like "Dear User" instead of your name)
- Urgent or threatening language to create pressure
How to Protect Yourself
- Verify the sender: Check the email address carefully, not just the display name.
- Don't click suspicious links: Hover over links to see where they really go before clicking.
- Go directly to websites: Type the URL in your browser instead of clicking links in emails.
- Use multi-factor authentication: This adds an extra layer of security.
- Keep software updated: Ensure your devices have the latest security updates.
Example Phishing Email
From: amazon-security@amazn-account.com
Subject: URGENT: Your Amazon account has been suspended
Dear Valued Customer,
We have detected unusual activity on your Amazon account. Your account has been temporarily suspended for security reasons.
To reactivate your account, please click the link below and verify your payment information:
[Secure Account Verification Link]
If you do not verify your account within 24 hours, it will be permanently suspended.
Thank you for your cooperation,
Amazon Security Team
Red Flags in This Example:
- Suspicious sender email (misspelled "amazon")
- Creates urgency and fear
- Generic greeting
- Asks for payment information
- Contains suspicious link
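The red flags above can also be checked automatically, for example in a mail filter. The following is an added example, not part of the original page: it tests a sender domain for look-alike spellings of a known brand and scans the text for the wording cues listed above. The brand list, the regular expressions and the function names are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Assumption (not from the page): brands to protect and their real domains.
KNOWN_BRANDS = {"amazon": "amazon.com", "paypal": "paypal.com"}
# Digits commonly swapped in for look-alike letters, as in amaz0n.
HOMOGLYPHS = str.maketrans("013457", "oleast")
# Wording checks taken from the page's red-flag list; the patterns are illustrative.
CONTENT_CHECKS = [
    ("urgent or threatening language",
     re.compile(r"\b(urgent|immediately|suspended|within \d+ hours)\b", re.I)),
    ("generic greeting",
     re.compile(r"^dear (valued )?(customer|user|member)\b", re.I | re.M)),
    ("asks for sensitive information",
     re.compile(r"\b(payment|credit card|password|pin)\b", re.I)),
]

def edit_distance(a, b):
    """Levenshtein distance, keeping only the previous row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_brand(domain):
    """Return the brand a sender domain imitates, or None if genuine or unrelated."""
    domain = domain.lower()
    if any(domain == real or domain.endswith("." + real) for real in KNOWN_BRANDS.values()):
        return None
    tokens = re.split(r"[.\-]", domain.translate(HOMOGLYPHS))
    for brand in KNOWN_BRANDS:
        if any(edit_distance(token, brand) <= 1 for token in tokens):
            return brand
    return None

def red_flags(sender, subject, body):
    """List the warning signs found in one message."""
    domain = parseaddr(sender)[1].rpartition("@")[2]
    brand = lookalike_brand(domain)
    flags = [f"sender domain {domain} imitates {brand}"] if brand else []
    text = subject + "\n" + body
    return flags + [name for name, rx in CONTENT_CHECKS if rx.search(text)]

# The page's example email, abridged, as sample input.
SAMPLE = ("amazon-security@amazn-account.com",
          "URGENT: Your Amazon account has been suspended",
          "Dear Valued Customer,\nTo reactivate your account, please click the link "
          "below and verify your payment information:")
```

Calling red_flags(*SAMPLE) reports the look-alike sender domain plus the urgency, generic-greeting and payment-request cues. A message from the brand's real domain with ordinary wording returns an empty list.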