Messages or websites phishing for information might ask you to enter the following details:
- Usernames and passwords
- Social Security numbers
- Bank account numbers
- PINs (Personal Identification Numbers)
- Full credit card numbers
- Your mother’s maiden name
- Your birthday
- Never reply to suspicious emails, tweets, or posts with your personal or financial information.
- Enter your password after following a link in an email or chat that you don’t trust. It’s better to go directly to the site.
- Don’t send your password via email.
- Only sign in to your account when you’re 100% sure you’re on the real site. If you’re not quite sure, check the Internet address in your web browser. For example, this is a fake URL:
Most email providers, including Gmail, allow you to report suspicious emails and phishing scams. Reporting a message as phishing will prevent that user from sending you more emails, and they will use the report to help stop similar attacks.
- Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It means your information is secure during transmission.
- Suspicious e-mail can be forwarded to firstname.lastname@example.org, and complaints should be filed with the state attorney general's office or through the FTC at www.ftc.gov.