What Are Phishing Scams?

For over 11 years, SafeWise experts have conducted independent research and testing to create unbiased, human reviews. Learn how we test and review.

pro

Why you can trust SafeWise  

250+ products considered
10k+ research hours  25+ in-home tests
176+ years of combined expert experience
10M homes and people protected

It might sound the same, but this isn’t how you spend a relaxing Sunday afternoon. Phishing is an identity theft scam that uses an insidious email masquerading as one you can trust in an attempt to make off with your personal or financial information.

Thwart hackers with the best internet security tips!
Sign up for our free weekly newsletter.

By signing up, you agree to our Terms and Conditions and Privacy Policy.

Video: What is phishing and how can you recognize it?

Play Video

Subscribe to our YouTube channel and learn how to protect your home, loved ones, and belongings.


How to spot a phishing scam

Phishing scams are so successful because they dress up like an important message from a legitimate company that you probably have a relationship with. These emails show up in your inbox either raising an alarm that your information may have been compromised so you need to verify it or asking for a routine update of account information.

They will always include a link that you need to click on in order to follow the instructions in the message. If you click on the link, chances are you’ll open the gateway for hackers to install malware or another virus on your computer. You might also inadvertently change your password or fill out a form on the scammer's website instead of the real one. Armed with your sensitive information, the scammers can easily steal your identity and even your money. They may also lock you out of your accounts until you pay a ransom.

But all hope is not lost. You can take extra care to weed out phishing scam emails before they worm their way into your private data.

1. Double-check before you click

Before clicking on a link in any email, carefully review the contents, the email address it came from, and the type of information it’s asking for. If any of those seem “off” to you, don’t click.

2. Pay attention to sender email addresses

Phishing scams make up email addresses that closely resemble the real thing. If you have other messages from the company in question, look at them to see if the addresses are the same. Red flags include extra characters, a different domain extension (.org, .com, etc.), or different spelling.

3. Watch out for bad grammar

Sloppy grammar, bad spelling, missing words, or improper tenses are dead giveaways that there’s something phishy going on.

4. Look for company info 

Phishing scams like to copy logos, footers, disclaimers, and other identifying information to look legit. If any of these are missing or different than usual—or if it just doesn’t feel right—send the message to the trash and contact the company via phone.

Err on the side of caution if you have any inkling that an email may be part of a phishing scam. If you’re concerned about deleting a message that may be important to your account, contact the company directly by phone or a verified email address you’ve used in the past to report the message and find out if you need to do anything in regard to your account.

How to prevent phishing

In addition to keeping a watchful eye on any messages you receive, you can use technology to identify phishing scams. 

Start by using anti-malware software that helps weed out phishing scams when they try to enter your email account. Choose software that also scans email attachments.

Then add an extra layer of protection with an anti-phishing browser extension, which will help identify fraudulent websites if you accidentally click a phishing link.

Types of phishing attacks

Some phishers have moved on from emails and will text or call you instead. Text-based phishing is known as smishing (SMS + phishing). Call-based phishing is vishing (voice + phishing).  

Most phishing scam artists send one generic email to thousands of people in hopes of catching a few victims. When the scammers target someone in particular, it's known as spear phishing. And when that someone holds the key (or password) to a huge bank account or privileged information, it's called whaling

How to report phishing emails

Report phishing emails to the Anti-Phishing Working Group by simply forwarding the suspicious email to reportphishing@apwg.org. 

The Federal Trade Commission (FTC) also handles phishing reports. Visit their fraud complaint website to fill out a report.

FAQs

Is phishing illegal?

Technically, it isn't illegal to send a phishing email. But phishers can get in plenty of legal trouble for things like wire fraud and identity theft. 

What does a phishing email try to do?

Phishing emails try to get you to download an attachment or click a link. There may be malware embedded in the attachment, or the link may prompt you to enter login information for a bank account. The scammers create websites that look so close to the real deal that you might not realize it's a scam. 

What should I do if I click a phishing link?

Exit the site immediately. Don't enter any information. If you did enter information such as a password, immediately login to the account through proper channels (preferably on a separate device) and change the password.

Run a malware and antivirus scan on your computer to make sure nothing malicious has been downloaded. 

Don't forget to report the phishing attempt. Thankfully, The Better Business Bureau, Federal Trade Commission, and even Amazon itself all have direct lines where you can report anything "phishy". 


Compare the best internet security products

Brand
Best for
Starting price
Specs
Standout feature
Learn more
Best identity theft protection

$1 million recovery insurance

Two-factor authentication
Best VPNWorks on 6 devices 5,100 servers

60 countries

Best parental control Unlimited devicesEmail and social media monitoring, powerful parental controls
Best antivirus/malware software Protects up to 10 devices Includes VPN and password manager
Best password manager Unlimited devices with Premium plan VPN and dark web monitoring with Premium plan

Amazon.com price as of post date. Offers and availability may vary by location and are subject to change. Read full disclaimer.
*First year only. Regular price $99.48/yr.
**First year only. Regular price $59.99/yr.

Rebecca Edwards
Written by
Rebecca is the lead safety reporter and in-house expert for SafeWise.com. She has been a journalist and blogger for over 25 years, with a focus on home and community safety for the past decade. Rebecca spends dozens of hours every month poring over crime and safety reports and spotting trends. Her expertise is sought after by publications, broadcast journalists, non-profit organizations, podcasts, and more. You can find her expert advice and analysis in places like NPR, TechCrunch, The Washington Post, The Chicago Tribune, The Miami Herald, HGTV, MSN, Reader's Digest, Real Simple, and an ever-growing library of podcast, radio and TV clips in the US and abroad.

Recent Articles

Man and woman couple wife husband set up surveillance security camera
Best Apartment Security Systems of 2024
In 2024, we tested the best apartment security systems and cameras. They offer security solutions...
""
The Best Home Security Systems in Canada 2024
Learn about 2024's best home security systems for Canada with research from SafeWise experts. From...
SW_Article_Medical Alerts with the Best Battery_Featured image with logo
Best Medical Alert Systems 2024
We researched the best medical alert systems to find reliable options that can empower you...
diy-security-system-on-ipad
Best DIY Home Security Systems of 2024
SimpliSafe is the best DIY home security system because it's cost-efficient, effective, and easy to...