What is phishing?

Phishing is a common internet scam that uses official-looking email messages and websites to get you to share personal information for criminals to commit identity theft and fraud.

Common red flags

Be cautious of any email or website that asks for sensitive information and watch for these red flags before sharing information electronically.

  • Mistakes in grammar or spelling. Real organizations do mess up once in a while, but if the message is so full of errors your elementary school teacher wouldn't accept it, it's likely a scam.

  • TO/FROM address that seems fishy. FROM addresses can be easily forged, so pay attention to the TO field. Is your email address listed? If not, the message is likely a phishing attempt.

  • No personal information in the email. Most legitimate institutions have your information on file and will address you by name. A "Dear Valued Customer" salutation is suspect. However, phishers can mine public records and social networking sites for your personal details, so don't assume a message is safe just because it contains your name or other trivia.

  • Requests for personal information. Sensitive information such as passwords, bank account numbers and social security numbers should never be sent via email. Brightspeed, PayPal, and your bank are examples of companies that would never ask for personal information in an email.

Report phishing

You can forward suspected phishing emails to:

If you have fallen victim to phishing, file a report with the Federal Trade Commission or call 877-438-4338.


If you are a victim of Identity Theft, you can minimize the potential damage. For more information go to the Federal Trade Commission.

Was this page helpful?