Phishing is when someone uses fake emails or texts to get you to share valuable personal information – like account numbers, Social Security numbers, or your login IDs and passwords. Scammers use your information to steal your money, your identity, or both. They also use phishing emails to get access to your computer or network. If you click on a link, they can install ransomware or other programs that can lock you out of your data.
Scammers often use familiar company names or pretend to be someone you know. Here’s a real world example featuring Netflix. Police in Ohio shared a screenshot of a phishing email designed to steal personal information. The email claims the user’s account is on hold because Netflix is “having some trouble with your current billing information” and invites the user to click on a link to update their payment method.
Before you click on a link or share any of your sensitive information:
- Check it out. If you have concerns about the email, contact the company directly. But look up their phone number or website yourself. That way, you’ll know you’re getting the real company and not about to call a scammer or follow a link that will download malware.
- Take a closer look. While some phishing emails look completely legit, bad grammar and spelling can tip you off to phishing. Other clues: Your name is missing, or you don’t even have an account with the company. In the Netflix example, the scammer used the British spelling of “Center” (Centre) and used the greeting, “Hi Dear.” Listing only an international phone number for a U.S.-based company is also suspicious.
- Report phishing emails. Forward them to firstname.lastname@example.org (an address used by the FTC) and to email@example.com (an address used by the Anti-Phishing Working Group, which includes ISPs, security vendors, ﬁnancial institutions, and law enforcement agencies). You can also report phishing to the FTC at ftc.gov/complaint. Also, let the company or person that was impersonated know about the phishing scheme. For Netflix, forward the message to firstname.lastname@example.org.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
- We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
- We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
- We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
- We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.
In reply to According to an email my by Conniesan
In reply to Netflix email scam almost got by David matlack