How to protect yourself from phishing attacks and online identity theft

Phishing emails are effective because the senders have worked hard to make them appear to be from a legitimate company or organization. They may use the same wording as official emails, have a similar design, use the same graphics, include links to the "real" official site, and so on.

Stage 1: Be Aware

Here are some telltale signs to look for in phishing emails:

  • A request for personal information
    Banks, financial institutions and other reputable companies will never ask you for personally identifying information by email. Phishing emails, on the other hand, may target your credit card number, social security information, your mother's maiden name, your date of birth and other sensitive details.
  • Poor grammar or spelling, or a strange choice of words
    One sign of a phishing email is an unusual turn of phrase or evidence of poor spelling or bad grammar. Many phishing scams originate in countries where the first language isn't English. Reputable companies, on the other hand, will generally have professional, polished form emails they use to communicate with clients.
  • A sense of panic or urgency
    One common phishing tactic is to tell you that the security of your bank account has been compromised, and that you have to provide some personal details in order to identify yourself. Or the email may include a warning about a purchase that you didn't make, and a short deadline for you to cancel the order or dispute the charges. No reputable bank or other financial institution, for example, would choose email as the first way to let their customers know that their bank account has been compromised.
  • A lack of specific personal details
    Your bank and other businesses that deal with you already know your name, your account number and other information that's specific to you. Phishing emails, on the other hand, will often be very generally worded, since the sender rarely knows much about you.
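
The signs above can also be checked mechanically when triaging reported mail. The following Python code is an added example, not part of the original article: it flags three of the four signs (spelling and grammar are left to the reader) in a single-part plain-text message. The phrase lists, the function name phishing_signs and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed phrase lists (assumptions); tune them for your own mail flow.
PERSONAL_INFO = re.compile(
    r"credit card number|social security|mother'?s maiden name|date of birth",
    re.I)
URGENCY = re.compile(
    r"has been compromised|within \d+ hours?|immediately|"
    r"cancel the order|dispute the charges?", re.I)
GENERIC_GREETING = re.compile(
    r"^\s*dear (customer|client|user|member|account holder|sir|madam)\b",
    re.I | re.M)

def phishing_signs(raw_message):
    """Return the names of the signs found in one plain-text message."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()  # a str for single-part messages
    display_name, _ = parseaddr(msg.get("To", ""))
    signs = []
    if PERSONAL_INFO.search(body):
        signs.append("requests personal information")
    if URGENCY.search(body):
        signs.append("panic or urgency")
    # A generic greeting in a message that never uses the recipient's
    # first name lacks the details a real sender would already have.
    named = bool(display_name) and display_name.split()[0].lower() in body.lower()
    if GENERIC_GREETING.search(body) and not named:
        signs.append("no specific personal details")
    return signs

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: Security Team <security@bank.example>
To: Alex Morgan <alex@mail.example>

Dear Customer,
The security of your account has been compromised. Reply within 24 hours
with your credit card number and date of birth to identify yourself.
"""
ROUTINE = """\
From: Example Bank <statements@bank.example>
To: Alex Morgan <alex@mail.example>

Dear Alex,
Your monthly statement is now available in online banking.
"""

if __name__ == "__main__":
    print(phishing_signs(SUSPICIOUS), phishing_signs(ROUTINE))
```

A match is a reason to verify the message through another route, not proof of phishing; a clean result does not make a message safe.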

Stage 2: Be Cautious

  • If you're in any doubt about the origin of an email message, or it looks suspicious in any way, then contact the business that allegedly sent it via a different route.
  • Don't reply to the initial email, or click on any of the links embedded in it.
  • If you want to check something that's mentioned in the email, for example if you want to log into your bank account and look at recent transactions, then go directly to the homepage of the company in question by typing their web address into your browser or by navigating using a bookmark you know is safe. That way, you'll know you're always starting at a legitimate site.