Phishing messages often appear to come from a legitimate source – like a bank, credit card company, or well-known brand – warning you that your account has been compromised somehow, or that you have won a sweepstakes that you entered. The message uses fear to “hook” the recipient into clicking on a link, entering their login or account credentials, or calling a number and providing information over the phone. Emails sometimes mimic popular consumer companies like Amazon® or Google®. Other variations include malicious attachments, texts, or DMs requesting account login details.
Phishing is a common scam that usually follows a three-step formula designed to trick unsuspecting recipients:
- The scammer sends a message or calls from what appears to be a legitimate source, like a financial institution, large business, or government agency.
- The phishing message includes a link or attachment and encourages you to click to log in to a malicious website, download an infected file, or call “customer service,” where you’re asked to provide additional personal or financial information to resolve the matter (which would actually be giving your information to scammers).
- For electronic requests, once you’ve clicked on a malicious link, entered a bogus URL, or downloaded an infected attachment, you may be taken to a fake website and/or have malicious software (“malware”) automatically loaded onto your device.
The fake website will often copy the look and “feel” of a real site. But once you enter your personal information – like login credentials or credit card numbers – scammers can steal it.
Malware downloads often happen in the background without you knowing. Simply downloading an attachment that contains the malware can make it possible for the scammer to gain complete control over your device, including access to files, stored passwords, or the ability to monitor your keyboard or type entries remotely.