
Don't Be Hooked by Email Phishing Scams

Each week the news warns of new "phishing" scams. What is "phishing" (pronounced fishing)? These are scams that try to steal personal and financial information. Phishing has primarily been online in the form of email or pop-up messages but can also occur over the phone or through the mail.

Here's how the scam works: You receive an email that appears to be from your bank, credit card company, Internet service provider (ISP), or online membership organization (such as an online auction site). The email asks you to click on a link or go to the URL given in the email to update some information the sender needs (or some other request). You click on the link and go to a website that appears to belong to the institution referenced. Since the site looks okay, you give the requested personal information. Typical requests include Social Security number, account numbers, passwords, and the like. The problem? The site is fake and the con artist has just ripped off information they can use to steal your identity and your money.

Take the SonicWALL Phishing and Spam IQ Quiz to see how savvy you are about these scams. This test shows how hard it is to distinguish between a real and a fake message.

Here are some tips to avoid being hooked by such scams:

  • Reputable companies and financial institutions, like your credit union and bank, NEVER, EVER send emails, make phone calls or send letters asking for personal information and account number information they already have on file. Always be suspicious of any request for information that comes from an unsolicited email or phone call. When you initiate the contact (online or by phone) with your bank or a reputable merchant, you may provide information to purchase merchandise or handle your account.
  • If you want to confirm that this is a scam, or if you think the email, phone call or letter might be genuine, simply call your financial institution, using the number on your statement or one that you looked up in the phone book, and ask if they sent the email or letter or made the phone call.
  • Never include account numbers and passwords in an email message.
  • Never call the phone number in an email message or one left on your answering machine. Use the phone number listed on a recent statement.
  • Never click on links in these sorts of emails.
  • Never enter personal information or financial information in a pop-up window. Some forms of phishing use a pop-up window on a legitimate site.
  • Protect your computers by using a firewall, anti-virus and anti-spyware software and spam filters.
  • Report the scam to the company, using the customer service number or website address from a recent statement. You can send the actual spam to the FTC.

How to Protect Yourself

Be extra careful with personal information. I recommend that you not respond to any unsolicited request for personal information. Instead, call the institution using the number on your statement and ask if the request is legitimate. Don't call any numbers provided in the email or on the website it directs you to. Don't email personal and financial information. Review credit card and bank statements for unauthorized charges as soon as you receive them. Call your credit card company or bank to confirm your mailing address if your statement is late.

For More Information

These articles have more information about these types of scams and how to avoid them.

How Not to Get Hooked by a 'Phishing' Scam from the FTC.

Fake Credit Report Sites: Cashing in on Your Personal Information from the FTC.

Internet Crime Complaint Center is a partnership between the FBI and National White Collar Crime Center. If you think you've been scammed, you can report it here.

OnGuard Online — Phishing provides some quick facts and links to other resources.

