4 Tips to recognize and avoid phishing scams

Scammers use email or text messages to trick you into giving them personal information. But, there are several things you can do to protect yourself.


Scammers use email or text messages to trick people into giving them personal information. They may try to steal passwords, account numbers and even Social Security numbers. If they get that information, they could gain access to email, bank and other accounts. Scammers launch thousands of phishing attacks like this each day and they’re often successful.

Scammers often update their tactics, but there are some signs that will help you recognize a phishing email or text message.

1. Phishing emails and text messages may look like they’re from a company you know or trust. They may look like they’re from a bank, credit card company, social networking site, online payment website or app, or online store.

2. Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment.

They may say they’ve noticed some suspicious activity or log-in attempts, claim there’s a problem with the account or payment information, or say that you must confirm personal information. In addition, some might use a fake invoice, want you to click on a link to make a payment, offer a coupon for free stuff and/or say that you’re eligible to register for a government refund.

Phishing emails can have real consequences for people who give scammers their information. And, they can harm the reputation of the companies they’re spoofing.


Email spam filters may keep many phishing emails out of your inbox, but scammers are always trying to outsmart spam filters. It is a good idea to add extra layers of protection. Here are four steps you can take to protect yourself from phishing attacks.

1. Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.

2. Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.

3. Protect accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication (MFA). The additional credentials you need to log in to your account fall into two categories:

  • Something you have – like a passcode you get via an authentication app or security key.
  • Something you are – like a scan of your fingerprint, your retina or face.

MFA makes it harder for scammers to log in to your accounts if they do get your username and password.

4. Protect your data by backing it up. Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone too.


If you get an email or text message that asks you to click on a link or open an attachment, answer this question, “Do I have an account with this company or know the person that contacted me?”

If the answer is, “No,” it could be a phishing scam. Go back and review the message using the tips on how to recognize a phishing scam. If you see them, delete it.

If the answer is, “Yes,” contact the company using a phone number or website you know is real – not the information in the email or text message. Attachments and links can install harmful malware.

If you think a scammer has your information, like your Social Security number, credit card or bank account, go to identitytheft.gov. There you’ll see specific steps to take based on the information you lost.