What is phishing?
Phishing is a malicious attempt by scammers to trick unsuspecting people to share their personal information (like bank account numbers, passwords, or Social Security numbers) using phony emails or texts. These phony emails and texts look legitimate and appear to come from real companies. They are often created in a way to fool a person into opening an attachment or clicking on a link.
These messages often:
- say they've noticed suspicious activity on your account
- state there's some sort of problem with your payment information or account
- ask you to confirm your personal information
- attach an "invoice"
- have a "payment" link for you to click
- show an alert that your account is suspended or locked
Many times, there are telling signs that the email or text is a phishing attempt.
You may notice grammatical errors, that it came from an unusual email address, or that you do not have an account with this company.
How to protect from phishing
- Use security software.
- Update your devices (even your mobile phones) by setting them to update automatically. Do not delay updates as they often contain security updates.
- Use multi-factor authentication when available. The extra steps to verify your account make it harder for scammers to log in to your account if they do get your username and password.
- Back up your data and important files to an external hard drive or cloud storage so your data isn't just stored on your device.
If you suspect a phishing attempt
- If you have an account with the company that the message appears to be generated from, contact the company directly. Do NOT respond to the message or click any links in it.
- If you do not have an account with the company, report the message and delete it.
- If you receive the message through your CPS email account, report the email as PHISHING.
- To report phishing, click on the email in your Gmail (do NOT open any attachments) and click the 3 dots in the top right corner of the email window.
- Select Report phishing. Find more information on phishing in Google Support.
If you responded to a phishing email
- If you believe you shared information like your Social Security number or banking information with a scammer, visit IdentityTheft.gov to find the steps to take based on the information that was shared.
- If you clicked on a link or opened an attachment from a suspected phishing email or text, update your device security software and then run a scan.
For more details and additional information on phishing, visit the Federal Trade Commission: Consumer Information website, How to Recognize and Avoid Phishing Scams.