Understanding Phishing Emails

TYPE: Article
Share Print
Dollars and Digital Sense: Advice for safe online banking

You’ve had a long, busy day. When you finally get home, you crash on the couch with your phone or pull a chair up to the computer to check the news and your email. In the hustle and bustle of the day, you’d be forgiven for assuming that every email in your inbox is legitimate.

Unfortunately, the key to a good phishing scam is looking just like the real thing. And if you’re not careful, you can fall victim to a phishing attack—an email designed to trick you into giving up your personal or credit card information. Here are a few questions to ask yourself before you open an email to keep your information safe.

Does the email ask for my personal information?

The best phishing emails look just like the real thing, so it can be hard to spot a phony. But you should always remember that criminals who use email are trying to get your personal and financial information. Any email that asks you to divulge this information should draw an immediate red flag. Most legitimate banks and businesses will never ask you to provide information like your Social Security number, credit card number, or other sensitive information over email.

Does the email try to appeal to my emotions?

Cybercriminals love to use scare tactics to get you to give up your personal or financial information before you have a chance to think things through. If an email presses you to respond quickly or threatens you in some way if you don’t respond, you should be automatically suspicious and cautious. These emails often use a sense of urgency as a diversion. They also try to appeal to your sense of empathy, often asking you for donations to help someone in need.

Is the email in my junk box for a reason?

Emails contain digital signatures, and many times your email provider can read this digital signature to determine whether a message is likely to be junk. It’s good practice to go through your junk folder periodically to see if something doesn’t belong. But even if an email appears to be from a legitimate bank or business based on its name and subject line, the fact that it got filtered to your junk folder in the first place may mean it belongs there.

Does the email address look suspicious?

Phishing emails may appear to be coming from a business, bank, or person you know. But a closer look at the sender’s actual email address can tip you off to their true nature. If a business or bank email comes from a public email domain like gmail.com, yahoo.com, etc. it’s likely deceptive. Look to see if the domain is misspelled. In fact, look for misspellings or obvious grammatical errors in the subject or email copy. These are all common indicators of a phishing email.

What do I do if I think I’ve been a victim of phishing?

Even when you take precautions, it can be difficult to catch every phishing email. If you have clicked a link or responded to an email that you now suspect to be deceptive, you can visit IdentityTheft.gov to report information and take steps based on the information you divulged. You can also keep your computer’s security software updated in an effort to prevent malicious software from scanning your computer for information.

Dollars and Digital Sense: Advice for safe online banking

What steps can I take to protect myself from phishing?

First and foremost, practice common sense by asking the foregoing questions about every email you get. In addition, the Federal Trade Commission recommends that you do the following three things:

  1. Set your computer software and phone software to update automatically.
  2. Protect your accounts by using multi-factor authentication for an extra layer of account security.
  3. Protect your data by backing up files to an external drive or cloud service that isn’t connected to your home network.

How do I report a suspicious email?

You can report a suspicious emails to the Federal Trade Commission by forwarding messages to the Anti-Phishing Working Group at reportphishing@apwg.org and reporting it at ftc.gov/complaint. You should also contact your bank or credit card company if you believe your credit card or account information has been stolen.


Learn More:

How to Build a Stronger Password

Make Sure You're Monitoring Your Bank Account

Keep Your Online Information Safe