You have probably heard about phishing—even if you do not recognize the term. Phishing is a type of online scam involving email which claims to be from a legitimate business, but actually directs the recipient to a website which collects personal information for identity fraud.
The tips and resources on this page will help you to determine when a site or email is not what it pretends to be.
- How Not to Get Hooked by a Phishing Scam
Wide-ranging tips to help you avoid getting hooked by a phishing scam and subsequently losing your personal information. Provided by the Federal Trade Commission.
- Avoid a Phishing Attack
Extensive guidelines how to avoid social engineering and phishing attacks; explains the common methods that attackers use to steal your personal information. Provided by the U.S. Computer Emergency Response Team.
- Anti-Phishing Working Group
Information on how to eliminate fraud and identity theft that result from phishing, ”pharming“ and e-mail spoofing of all types.
Top 4 Ways to Avoid a "Phish Attack"
- Do not reply to emails or click on "pop-up" messages that ask for personal or financial information. Legitimate businesses do not ask for this type of information online.
- Do not use email for personal or financial data. Email is not secure enough to transmit personal information. Use only a secured web transaction or postal mail when sending sensitive data to a known company.
- Be suspicious of unsolicited phone calls, visits, or email messages. If you receive an unsolicited request, try to verify the identity of the solicitor directly with the company.
- Ensure that you are going to the correct web site—do not be tricked! Type the web site link (URL) directly into your web browser. Malicious web sites might look identical to legitimate sites.