Skip to Content

Phishing Scams

Security Resources

Phishing is a technique that uses "spoofed" or fake emails and fraudulent websites to gain personal information for purposes of identity theft. The fraudulent email messages and/or websites are designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc.

Basically, phishers create a phony website that looks like a reputable and known good site and attach a link to the phony website in the email. Unsuspecting recipients that click on this link will find that a website opens up that resembles the reputable website. However, behind the scenes, the computer user does not know that they have been redirected to another web page that looks just like the page you may have visited in the past. This phony website can be designed to collect personal information that you key in, like account and social security numbers.

What to Watch For

  • Be suspicious of any email that requires an urgent request from you and that seems alarming or exciting. Typically, phishers will send emails that require your immediate attention or to "verify their records" since they may have lost some information. In addition, they tend to ask for things like usernames, passwords, account numbers, social security numbers, etc. Lastly, emails from phishers are generally not personalized and may appear to be sent in mass distribution.
  • Do not click on links sent in an email that are asking for information. Emails suggesting to "click here" in order to enter personal information may end up redirecting you to a site that is not what you think it is and could be collecting your data for malicious use.
    • Instead, if you are unsure, call the company or financial institution on the phone or go to their website address directly by typing it into your browser's address bar.
  • Avoid filling out forms asking for confidential or financial information. If there is any information entered, make sure that it is done over a secure link (SSL). This can be verified by checking the "lock" icon in your browser window and by ensuring HTTPS:// is displaying in the address bar.
    • HTTPS:// - the "S" represents secure vs. HTTP:// - which is not secure.

Additional Resources