Skip to main content
It looks like you're using Internet Explorer 11 or older. This website works best with modern browsers such as the latest versions of Chrome, Firefox, Safari, and Edge. If you continue with this browser, you may see unexpected results.
Phishing and other email scams
When scammers use an email message (sometimes also copycat websites) to fraudulently get access to your personal information, it's called phishing. They may use that information to get access to your computer or to your accounts, to steal your money, identity, and/or other data. A common trick is to ask you to verify your information for some reason, maybe by clicking on a link to open a web form. Another frequently-used scam is to ask you to "click here to download" a picture or a file, which puts malware on your device.
- Message is from someone or some organization you don't know; or if it is from an organization you know, the message comes as a surprise.
- Sender is trying to scare you to "act now" or something bad will happen.
- Message asks for personal information details over the web - if that message was really from your bank, your school, or from a government agency, that request would be made in a more secure manner.
- Message claims to be from one source, but when you look at the email address or any weblinks, they actually come from (or link to) a different address. If you can't tell for certain, contact that source (your bank, your school, or the government office) directly using an address or phone number you already have, or an existing account that you have bookmarked.
Best practices to avoid phishing scams:
- Don't click on any embedded links in an email message from someone you don't know.
- Don't click on any embedded links in an email message that seems strange, coming from someone you do know (like an email from your uncle that just reads "look at this!").
- Check to make sure that any emergency message actually comes from the sender it claims.
- Don't enter identity details (your password, your complete Social Security number, or other confidential personal information) unless you've already used a password to log into an account you set up with that source. Be suspicious of requests to enter personal information on an open web form.