Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, Social Security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince recipients to respond to them.

The email can look just like it comes from a financial institution, e-commerce site, government agency or any other service or business. It often urges you to act quickly because your account has been compromised in some way.

If you are unsure whether an email request is legitimate, don’t reply, and don’t click on links or call phone numbers provided in the message.

Try to verify the email’s legitimacy with these steps:

  • Contact the company directly.
  • Contact the company using information provided on an account statement or back of a credit card.
  • Search for the company online – but not with information provided in the email.

Delete email and text messages that ask you to confirm or provide personal information (credit card and bank account numbers, Social Security numbers, passwords, etc.). Companies don't ask for this information via email or text.

Phishing and other online scams aren’t just limited to emails. They’re also prevalent on social networking sites. Be sure to remove suspicious online ads, status updates, tweets and other posts.

What to Do if You Think You are a Victim?

  • Contact your bank immediately and close the account, if you believe your account may be compromised. Watch for any unauthorized charges to your account. Consider reporting the attack to your local police department, and file a report with the Federal Trade Commission or the FBI's Internet Crime Complaint Center.
  • Forward phishing emails to spam@uce.gov – and to the company, bank, or organization impersonated in the email. You also may report phishing email to reportphishing@antiphishing.org. The Anti-Phishing Working Group, a group of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.