How to spot and protect yourself from phishing

Phishing is a tactic that scammers use to acquire valuable personal and financial data, such as your Social Security number, credit card details or passwords for online accounts, and to

steal your identity, your money or both. They are mostly associated with email but can come in many forms, including: social media messages, pop-up ads, vishing (phishing by phone), smishing

 (phishing by text message), pharming (phishing by drawing victims to bogus websites).​​ By digital-age standards, phishing is an old-school tool, dating to the mid-1990s, but it continues

to grow in use and sophistication. The FBI’s latest Internet Crime Report says the most frequently reported crimes in 2024 were phishing-related; it received more than 193,000 such reports

last year, citing more than $70 million in total losses (though scams are notoriously underreported, so the actual numbers are likely to be far higher).   ​​ The scam often relies on

impersonation, and phishers can be very good at it. They sound authoritative on the phone, change caller IDs to show a real corporate or government number, and use well-known logos to make

their emails and websites look genuine.​​ They bait the hook by promising goodies — free products or services, a big lottery prize, a government grant — or threatening legal or financial

harm over a supposed unpaid tax or utility bill, for example. You might get a call or an official-looking email from your bank or from a tech company like Apple or Netflix, claiming that

there’s a problem with your account.​​ Another common version: fake package delivery messages, seemingly from the U.S. Postal Service, FedEx or UPS, warning about some sort of delivery

problem.