Email Phishing Scams
Protect yourself from malicious emails, credential theft, and phishing attacks. Learn to identify and avoid email-based fraud.
Back to All ScamsHow Email Phishing Works
Email phishing involves sending fraudulent emails that appear to come from legitimate organizations like banks, government agencies, or popular websites. These emails typically contain links to fake websites designed to steal login credentials, or attachments containing malware.
Modern phishing attacks are highly sophisticated, often using official logos, formatting, and language that closely mimics legitimate communications. Some attacks are targeted (spear phishing) and include personal information to appear more credible.
Common Examples
Warning Signs
- Urgent language demanding immediate action
- Generic greetings like "Dear Customer" instead of your name
- Suspicious sender addresses that don't match the claimed organization
- Links that don't match the legitimate website URL
- Requests for passwords, SSN, or other sensitive information
- Poor grammar, spelling errors, or awkward phrasing
- Unexpected attachments or download requests
How to Protect Yourself
- Verify sender identity through independent channels
- Hover over links to see actual destinations before clicking
- Type website URLs directly instead of clicking email links
- Use multi-factor authentication on all important accounts
- Keep email software and security systems updated
- Be cautious with email attachments, especially from unknown senders
- Report and delete suspicious emails immediately
What to Do If You've Been Phished
- Change passwords immediately on any accounts that may be compromised
- Enable two-factor authentication on all important accounts
- Contact your bank if financial information was provided
- Run antivirus scans if you downloaded attachments or software
- Monitor accounts for unauthorized activity
- Report the phishing attempt to relevant authorities
- Consider credit monitoring if personal information was compromised
How to Report Phishing Emails
Forward phishing emails to reportphishing@apwg.org
Learn MoreReport phishing and email fraud
Report to IC3Think Before You Click
When in doubt, don't click links or download attachments from emails. Instead, go directly to the organization's official website or contact them through verified phone numbers.