
By Justin P Lambert
Phishing scams are attempts by criminals to get hold of your personal information by pretending to be a legitimate company or website that you already know and trust. For example, they may send you an email that claims to be from your bank. It would say something like, “We are currently reviewing our security procedures and have determined all of our members must log in and confirm their passwords,” or give some other legitimate-sounding reason to click the link they provide and follow their instructions. Usually the message will convey a strong sense of urgency, pressing you to take action quickly for your own good. So, you click the link and arrive at a website that looks exactly like your bank’s website, and you’re asked to log in as you normally would.
The only problem is, it’s not your bank’s website, and what you’re actually doing is handing your bank login and password to criminals who can then use them to gain access to your checking and savings accounts through the real bank website without you even realizing it has happened.
According to the Payment Card Industry (PCI) Security Standards Council, 80,000 people fall victim to a phishing scam every single day.
How to Recognize a Phishing Scam
The best way to recognize a phishing scam is to assume every unexpected email you get is one until proven otherwise.
While legitimate organizations like your bank, your insurance company, and the Health Insurance Marketplace will send you confirmation emails after you have initiated communication on their website, no legitimate company or institution will email you out of the blue asking you to share private information of any kind.
If an email you receive is unexpected and asks you to take any sort of action, such as clicking a link, filling out a form, or confirming your identifying information, delete it immediately.
We’ve previously published more tips for recognizing phishing scams here.
What if You Already Clicked the Link?
Regrettably, hindsight is always clearer than foresight.
What if you realize you may have received a phishing scam email, but that realization doesn’t hit until you’ve already clicked the link or taken some other action?
Follow these steps immediately to limit the damage and correct matters as quickly as possible:
- Stop taking action immediately. Don’t finish filling out that form, don’t click that link that says “next”.
- Make note of the URL (website address) where you are, either by writing it down or copy/pasting it to a document.
- Close the website down.
- Contact the legitimate organization the phishing scam claimed to be and report the incident in detail. They will likely have procedures in place to help you mitigate damage and provide a safe alternative.