Phishing scams are on the increase these days and cybercriminals use phishing to steal sensitive information. They trick users by sending genuine-looking emails or text messages to trick them into giving their financial and other personal information. Phishing continues to be one of the most common ways through which fraudsters steal information. They then use the stolen information to steal money and for other fraudulent purposes. Though these kinds of attacks are common and are on the increase, there are also ways to protect yourself.

Phishing Attacks

While fraudsters keep launching different types of phishing attacks every day and keep up with the latest trends, sending fraudulent emails and text messages is the most common tactic they use in phishing attacks. They use this technique and steal sensitive user information, including credit card details, passwords, Social Security numbers, and more. Using the information they steal, they access users’ bank accounts and steal money or sell the stolen information on the dark web for a huge sum of money.

The emails fraudsters send appear to be genuine and will have interesting content that will almost make the receiver click on the link in the email or download the attachment. The sender’s email will have the name of a famous company or a business you might know. You will only think that the email is from a real company and click on the link or download the attachment.

However, such emails could be from fraudsters who claim to have noticed suspicious activity on your bank account or pretend to notify you of an issue with your bank account. However, they might not have noticed any suspicious activity and they may not be any problem with your bank account, but emails from scammers will include such information to trick you into opening it.

Such emails might have invoices about which you have no clue or include a link to make a payment.  If you receive emails with such content and emails with coupons for free stuff, to register for a government refund, or if the emails prompt you to confirm some financial or other personal information, you need to be cautious as it could probably be an email from a scammer. Those emails may not even look suspicious and will look real. In reality, it may not be legitimate, but it will be from a scammer trying to steal information using that email.

The email is a scam if it has the name of a popular business or a company you know but if it has the following signs.

  • It has a link to click and make a payment or to update payment information.
  • It has a generic greeting and has typos.
  • It claims that your account is inactive due to billing issues and there will be a strong sense of urgency.

You need to be aware of the fact that companies do not request their users to make changes to their payment information via such emails or text messages. If you fail to recognize that the email or the message is from a scammer and happen to give them your personal information, you will become a victim of a phishing attack and identity theft. They can use that information to impersonate you and replace you in banks and other places. It could just be basic information like your name and email ID or in-depth sensitive information like your bank details and answers to secret questions for your PayPal and other accounts. Scammers will use the information you provide to steal money or for some other fraudulent purpose.

Identifying a Fraudulent Email 

Whenever you receive an email that seems to include important information, the first thing you will need to do is to check if the email is from a genuine sender and business. If you receive emails with attachments or links, but the name of the company doesn’t seem to be familiar, think if you really know the company or the sender before you click on the link or download the attachment. If you do not remember or recognize the company, it could probably be from a scammer. The best thing you can do when you receive such an email is to report it and delete it right away.

However, if you recognize the company but you do not remember it well, you can always get in touch with the company using the phone number or email you find on their website and check if it is really from that company. You will need to be careful about such emails as the attachments can contain malware and the links could redirect you to spammy websites. You will end up installing malware on your device or giving out sensitive information if you are not cautious of phishing emails.

Red flags to look for

  • Real companies generally send emails with a greeting containing the name of the recipient. For example, Hello John! But if you see that the email has a generic greeting, it may not be a legitimate email. If the greeting says Dear customer, Dear account holder, Dear sir or madam, etc., you need to understand that it is not from the real company but from a scammer.
  • If you spot grammar and spelling errors in the email, it could most likely be a fraudulent email. In most cases, fraudsters send emails that look almost like or resemble emails sent by legitimate companies. If you spot a spelling error or a grammar error in the email you receive, you need to be cautious. Do not trust the information present in one such email, as it is likely to be a phishing email.
  • If you see that the email has come with an attachment, make sure you do not click on it and download it. Legitimate companies like PayPal do not send emails with attachments in most cases. So do not click on any links in the email or download attachments and trash the email.
  • The email header is another thing you can check to know where the email really came from. In Gmail, you will see the sender’s email address next to the email header. If the email is from a real company, you will see the name of the company after the “@” symbol. But if it is a fraudulent email, you will not see the company’s name there.
  • Links in the email will not have the name of the company if it is a fraudulent email. You just have to mouse over the link in the email without clicking on the link to check this. If the link has the company’s name after “www,” it may not be fake but otherwise, you should not click on the link. We recommend deleting such emails immediately.
  • In most cases, scammers send emails requesting you to take action because they found viruses on your device or because there is an issue with your bank account. Remember that it is not possible for a third party to find viruses on your computer, so emails with such content will most likely be fake. Likewise, banks may not send emails like this if your account has a problem. Make sure you do not respond to such emails with your personal details.
  • Scammers send text messages and emails claiming that you are a winner of a lottery or that you have a huge sum of money coming from a foreign country. They will ask you to pay a certain sum of money to release the amount you have won. Never trust such emails and text messages, as such emails are guaranteed to be fraudulent. Remember that foreign banks and other entities will not contact some random individual to take possession of unclaimed money from their home countries. Such emails are from scammers trying to steal money from you.

Ways to Protect Yourself From Phishing Attacks

Use antivirus software to protect your computer. Make sure to update the software installed on your device by setting up automatic updates. Software updates will have security patches that address security vulnerabilities. Keeping your software updated will help keep hackers at bay.

Wherever possible, use multi-factor authentication, as it will help prevent your account from getting hacked. It will make it hard for attackers to get into your account with just your password. So even if a hacker gets his/her hands on your username and password, he/she will not be able to access your account if you are using multi-factor authentication.

Banks, in most cases, contact their customers via phone when they notice suspicious activity. They will call you from their fraud prevention team to verify if the purchase or the transaction is legitimate. So you actually need not worry about emails that claim to have noticed suspicious activity on your bank account. Some banks also freeze accounts when they see suspicious activity. Remember that they will not send emails with attachments or request you to provide your personal details.

What if You Responded to a Phishing Email

If you clicked on a spammy email and downloaded an attachment or clicked on a link, run a scan and remove problematic files, etc., that appear on the results. You can visit to report fraud if you accidentally gave out your Social Security Number, banking info, or other personal details to a scammer. You can follow the steps listed there to report fraud.

The Final Word

Never respond to unsolicited emails and text messages. If you come across one, make sure you do not click on the links or download attachments. You can also report phishing emails by sending them to the FTC at [email protected] or to the Anti-Phishing Working Group at [email protected]. Reporting such emails will help prevent such attacks in the future.

Click here if you are wondering how to secure your website and wish to know more about online security.


Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.