What you need to know to keep yourself safe from phishing scams


A phishing scam is a kind of identity theft in which hackers use fraudulent websites and fake emails, or assume a false identity over the phone, in an attempt to steal personal data such as passwords and credit card information.

Americans lost nearly $50 million last year to phishing schemes, according to the 2018 FBI Internet Crime Report. So far this year, more than 2,700 phishing scams have been reported to the Better Business Bureau's Scam Tracker.

How phishing works

"These scams pretend to be someone that you know, like a familiar company," says Katherine Hutt, a national spokesperson for the Better Business Bureau. The carefully crafted messages are meant to catch your attention, with warnings about suspicious activity on your online accounts or a potentially dire situation like an unpaid tax bill, missed jury duty, or a deactivated bank account.

One scam this year has targeted college professors by seeming to come from university deans.

The aim is to provoke you to react without thinking and click a link, share information, or download an attachment that likely contains malware.

How to protect yourself

Phishing scams tend to follow the same pattern, so understanding common tactics can protect you, says Hutt: "It's the technique you need to worry about, not the message." Here are three red flags to watch out for:

  1. Generic wording: "You have to be careful about anything that comes to you unsolicited," says Hutt. Don't trust messages related to your bank or credit cards that don't include your name or account details. "Be careful of generic language such as 'Dear friend,' or 'Dear customer,'" she says. "If it's not addressed to you personally, that's a red flag." Grammar and spelling errors are another warning sign. Reputable companies rarely ever have typos in their correspondence to you.
  2. Not-quite-right emails and web sites: Oftentimes, phishing emails are sent from what look like reputable brands but are, on closer inspection, from phony email addresses. For instance, Amazon says that if an email comes from an internet service provider (ISP) other than, it is fraudulent. Hovering over links with your cursor — to see if there are random numbers or symbols rather than the company's proper name — can help you discover whether you're being led astray.
  3. Unsolicited phone calls: Scammers can phish over the phone as well. If someone claiming to be your service provider or financial institution calls you asking to verify information, ask if you can call them back. Then look up the number to make sure it was the actual company trying to reach you.
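
The first two red flags can also be checked mechanically. The Python below is an added example, not from the article or the Better Business Bureau: it looks for a generic greeting, compares the sender's domain with one you already know belongs to the company, and reports where each link really leads, which is what hovering shows. The bank name, domains, sample message and function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message; every name and domain here is made up.
SAMPLE = """From: Example Bank <alerts@examp1e-bank.example>

<p>Dear customer,</p>
<p><a href="http://198.51.100.7/login">Sign in at examplebank.example</a></p>
"""
GENERIC = re.compile(r"\bdear\s+(friend|customer)\b", re.I)

class Links(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, "".join(self._text).strip()))
            self._href = None

def on_domain(host, domain):
    """True only for the domain itself or a subdomain, not a lookalike."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def red_flags(raw_email, expected_domain):
    """Return the email red flags from the list above found in one message."""
    msg = message_from_string(raw_email)
    body, flags = msg.get_payload(), []
    if GENERIC.search(body):
        flags.append("generic greeting")
    sender = parseaddr(msg.get("From", ""))[1]
    if not on_domain(sender.rpartition("@")[2], expected_domain):
        flags.append("sender domain mismatch")
    links = Links()
    links.feed(body)
    for href, text in links.found:
        host = urlparse(href).hostname
        if not on_domain(host, expected_domain):
            flags.append(f"link {text!r} leads to {host}")
    return flags
```
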

Your best option if you get a concerning email or call? Verify it. Find contact information you know to be legit for that company — for example, the toll-free number on the back of your credit card, or on the retailer's customer service page — and reach out. If there is an issue, authorized representatives will be able to confirm it and walk you through what to do next.
