Phishing email messages, websites, and phone calls are designed to steal money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer.
Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something off of a website.
What does a phishing email message look like?
Here is an example of what a phishing scam in an email message might look like.
- Spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam.
- Beware of links in email. If you see a link in a suspicious email message, don't click on it. Rest your mouse (but don't click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's web address.
Links might also lead you to .exe files. These kinds of file are known to spread malicious software.
- Threats. Have you ever received a threat that your account would be closed if you didn't respond to an email message? The email message shown above is an example of the same trick. Cybercriminals often use threats that your security has been compromised.
- Spoofing popular websites or companies. Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows.
- Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered, like www.baankofamerica.com.
- Many email providers provide an option to report phishing. Taking the time to report it, can help protect others.
When a website is flagged yellow and/or “suspicious” it means that it has some of the typical characteristics of phishing websites, but it is not on the list of reported phishing websites. The website might be fine, but be cautious about entering any personal or financial information unless you are certain that the site is trustworthy.
A website flagged in red means that the website has been reported as a phishing website. Do not give any information on those website.