Phishing Prevention Hub
Learn to recognize, avoid, and report phishing attacks across email, text, and phone.
What is Phishing?
Phishing is a cyberattack where criminals impersonate trusted organizations to steal passwords, financial information, or personal data. 91% of cyberattacks start with phishing. Over 3.4 billion phishing emails are sent daily.
Types of Phishing Attacks
Email Phishing
Mass emails pretending to be from banks, retailers, or government agencies. Most common type.
Spear Phishing
Targeted attacks using personal information about specific individuals. Highly convincing and dangerous.
Smishing (SMS Phishing)
Phishing via text messages. Package delivery scams, account alerts, verification codes.
Vishing (Voice Phishing)
Phone calls from fake IRS, tech support, or banks. Often use spoofed caller ID.
Clone Phishing
Duplicates legitimate emails you've received, replacing links with malicious ones.
Whaling
Targets high-profile individuals like executives or celebrities. Business email compromise.
Red Flags: Spotting Phishing
Urgent or Threatening Language
"Act now!", "Account suspended!", "Verify immediately!". Creates panic to bypass critical thinking.
Suspicious Sender Address
Slight misspellings: "paypa1.com", "amaz0n.com". Hover over sender to see real email address.
Generic Greetings
"Dear Customer", "Valued User" instead of your name. Legitimate companies use your actual name.
Suspicious Links
Hover before clicking. Check URL doesn't match claimed sender. Look for misspellings.
Unexpected Attachments
.exe, .zip, .scr files especially dangerous. Never open attachments from unknown senders.
Requests for Sensitive Information
Legitimate companies never ask for passwords, SSN, or payment info via email.
Poor Grammar and Spelling
Professional companies proofread communications. Multiple errors indicate scam.
Too Good to Be True
"You've won!", "Free money!", "Congratulations!" - if unsolicited, it's a scam.
Verifying Suspicious Messages
Don't Click Links
Type the official website directly into browser. Don't use links in suspicious emails.
Contact Directly
Call the company using number from their official website, not from the message.
Check Your Account
Log in directly to your account to verify claimed issues or transactions.
Inspect URLs
Hover over links to see true destination. Look for HTTPS and correct domain.
Common Phishing Scenarios
- Package Delivery: "Your package is held, click to reschedule" - verifies address directly with carrier
- Account Verification: "Verify your account to prevent suspension" - legitimate companies don't threaten
- IRS/Tax Scams: "You owe taxes, pay now" - IRS never initiates contact via email or demands immediate payment
- Tech Support: "Your computer has virus, call this number" - Microsoft/Apple never cold-call users
- CEO Fraud: "Boss needs gift cards urgently" - verify through separate communication channel
- Lottery/Prize: "You won! Send payment for processing" - legitimate prizes don't require payment
- Banking Alerts: "Suspicious activity on your account" - log in directly, don't click email links
- Password Reset: Unsolicited reset emails when you didn't request - someone may be trying to hack you
What to Do If You Click
Disconnect from Internet
Prevents malware from spreading or communicating with attackers.
Change Passwords
Change password for the targeted account and any others using the same password.
Scan for Malware
Run full antivirus scan. Consider professional malware removal if suspicious activity.
Contact Financial Institutions
Alert banks and credit card companies if you provided financial information.
Enable Fraud Alerts
Place fraud alert on credit reports. Monitor accounts for unauthorized activity.
Reporting Phishing
- Forward phishing emails to: spam@uce.gov and reportphishing@apwg.org
- Report to the impersonated company (most have abuse@company.com)
- Gmail: Click three dots → Report phishing
- Outlook: Click Report → Phishing
- iPhone: Tap sender → Report Junk
- Report SMS scams by forwarding to 7726 (SPAM)
- Report phone scams to FTC at ReportFraud.ftc.gov