It's not just emails; it's texts, phone calls and even in-person visits. Phishing scams are everywhere and they're getting more sophisticated every day. If you don't know how to spot them, they can be very hard to avoid.Phishing attacks are the most common threat to consumers. The FBI reports that as recently as 2019, nearly 115,000 people were victims of phishing scams, with an average loss of about $500 each.The scam could be an email from an authentic-looking enterprise complete with logos. The message sends you a link to a site which asks the user to fill in personal information—email address, passwords, credit card data, etc. Armed with that stolen personal information, the scammer can steal your identity or plant malware on your personal computer.

Recognize phishing scams

Here are some basic precautions you can take to avoid becoming a victim of a phishing scam:

Never, repeat, NEVER, click on links in an email or download attachments unless you're completely sure the email is legitimate.

If the email is from someone you know but you are still suspicious, contact the sender. Be especially suspicious of images—photos, etc.—and never open an attached file.Open that fake file and you could be taken to a dark website that will download malware onto your computer as a gateway to your employer’s system.

Watch for typos and other strange things in emails.

Be wary if the email contains typos, errors or strange formatting. Often, phishing emails come from spoofed or phony email addresses. A way to check is to highlight the sender’s email address and click on the down arrow to its right. If the email address looks odd, it’s probably a phishing email.Typos and strange formatting can tip you off that something's not right with an email: Look for odd phrasing that a non-native English speaker might mistake for good English.

Remember: If you receive an email or text you asking to update, confirm or validate your password or payment information, it is undoubtedly a phishing scam.

It’s called “scareware.” Scammers rely on scare tactics and frequently send an email or a popup on an infected website warning you that your account or your password has been compromised. They frequently tell the potential victim that access to their account has been blocked.Don’t panic. Financial organizations never ask you to disclose your account information. You can verify that the email is fake by signing on to your account separately—not through the link provided by the scammer. When you have verified that everything still works, go to your account’s security link to report the scam.If available on your account, set up two-factor (or multi-factor) authentication. Anyone hacking your password will also need access to the cell phone number you use for the second step of the authentication.As a final precaution, when setting up answers for security questions to recover a forgotten password, use responses that someone can’t figure out through social engineering. For example: Q: What is the name of your pet? A: Mr. Ed.

Other Types of phishing

Vishing is a type of phone scam crooks use as social engineering to get the victim to share personal information and details on their finances. The Federal Trade Commission reports that three-quarters of their fraud complaints they receive still originate over the phone.Smishing scams are sent by fraudulent text messages over your cell phone. The text could purport to be from your bank and ask you to click on a link, which, like phishing, takes you to a fraudulent website to steal your personal information.Finally, don’t respond to a fake email or text message in any way. Remember that the key to staying safe online is awareness of scams and the ability to detect and avoid them.