Phishing is named after its use of "baits" to coax potential victims into “biting’ by clicking a malicious link or opening a malicious attachment. The purpose is to steal financial or other information and passwords stored on a computer or mobile device. Phishing can also be done on websites set up to look like, or spoof, a legitimate business website. Following these guidelines can help protect you from phishing schemes:

  • Be wary of suspicious (‘phishing’) emails. Never open attachments, click on links or respond to emails from suspicious or unknown senders
  • If you receive a suspicious email that you think is a phish or scam, do not respond or provide any information
  • Turn off the option to automatically download attachments. To make it easier to read mail, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and make sure to disable it
  • If you don’t know what someone is sending you, or if it is something the person wouldn’t normally send, don’t open it
  • Use trusted security software and set it to update automatically
  • Don't email personal or financial information. Email is not a secure method of transmitting personal information
  • Only provide personal or financial information through an organization's website if you typed in the web address yourself and you see signals that the site is secure, like a web address that begins https. However, no indicator is foolproof; some phishers have forged security icons
  • Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances
  • Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer's security

If you think you might have been tricked by a phishing email

Helpful websites