Email Phishing Scams

Protect yourself from malicious emails, credential theft, and phishing attacks. Learn to identify and avoid email-based fraud.


How Email Phishing Works

Email phishing involves sending fraudulent emails that appear to come from legitimate organizations like banks, government agencies, or popular websites. These emails typically contain links to fake websites designed to steal login credentials, or attachments containing malware.

Modern phishing attacks are highly sophisticated, often using official logos, formatting, and language that closely mimics legitimate communications. Some attacks are targeted (spear phishing) and include personal information to appear more credible.

Common Examples

  • Bank Account Phishing: Fake emails claiming your account is compromised, directing you to fake login pages to steal credentials.
  • Tax Season Phishing: IRS impersonation emails requesting personal information or claiming you're owed a refund.
  • Package Delivery Scams: Fake shipping notifications from UPS, FedEx, or Amazon with malicious links or attachments.
  • Business Email Compromise: Scammers impersonate executives or vendors to trick employees into transferring money or data.

Warning Signs

  • Urgent language demanding immediate action
  • Generic greetings like "Dear Customer" instead of your name
  • Suspicious sender addresses that don't match the claimed organization
  • Links that don't match the legitimate website URL
  • Requests for passwords, SSN, or other sensitive information
  • Poor grammar, spelling errors, or awkward phrasing
  • Unexpected attachments or download requests

How to Protect Yourself

  • Verify sender identity through independent channels
  • Hover over links to see actual destinations before clicking
  • Type website URLs directly instead of clicking email links
  • Use multi-factor authentication on all important accounts
  • Keep email software and security systems updated
  • Be cautious with email attachments, especially from unknown senders
  • Report and delete suspicious emails immediately

What to Do If You've Been Phished

  1. Change passwords immediately on any accounts that may be compromised
  2. Enable two-factor authentication on all important accounts
  3. Contact your bank if financial information was provided
  4. Run antivirus scans if you downloaded attachments or software
  5. Monitor accounts for unauthorized activity
  6. Report the phishing attempt to relevant authorities
  7. Consider credit monitoring if personal information was compromised

How to Report Phishing Emails

Anti-Phishing Working Group

Forward phishing emails to reportphishing@apwg.org

FBI Internet Crime Complaint Center

Report phishing and email fraud


Think Before You Click

When in doubt, don't click links or download attachments from emails. Instead, go directly to the organization's official website or contact them through verified phone numbers.