A phishing scam is a kind of identity theft in which hackers use fraudulent websites and fake emails, or assume a false identity over the phone, in an attempt to steal personal data such as passwords and credit card information.
Americans lost nearly $50 million last year to phishing schemes, according to the 2018 FBI Internet Crime Report. So far this year, more than 2,700 phishing scams have been reported to the Better Business Bureau's Scam Tracker.
"These scams pretend to be someone that you know, like a familiar company," says Katherine Hutt, a national spokesperson for the Better Business Bureau. The carefully crafted messages are meant to catch your attention, with warnings about suspicious activity on your online accounts or a potentially dire situation like an unpaid tax bill, missed jury duty, or a deactivated bank account.
One this year has targeted colleges professors by seeming to come from university deans.
The aim is to provoke you to react without thinking and click a link, share information, or download an attachment that likely contains malware.
Phishing scams tend to follow the same pattern, so understanding common tactics can protect you, says Hutt: "It's the technique you need to worry about, not the message." Here are three red flags to watch out for:
Your best option if you get a concerning email or call? Verify it. Find contact information you know to be legit for that company — for example, the toll-free number on the back of your credit card, or on the retailer's customer service page — and reach out. If there is an issue, authorized representatives will be able to confirm it and walk you through what to do next.
More from Grow: