So, you got an email from your long-lost Nigerian-prince cousin?

In general, if something sounds too good to be true, it probably is. And that includes Nigerian princes needing your help — and an influx of cash — to claim a vast fortune that you’ll get to share. It’s just one example of phishing, a practice of deception to gain access to sensitive personal information.

Phishing is happening all the time, and it takes a good eye and extreme vigilance to protect yourself and your information.

How scammers phish

The Nigerian prince scam may be legendary and blatant, but phishing schemes have grown more elaborate, veiled and numerous over time. Perpetrators will present themselves as a trusted entity or individual to get you to compromise your computer or information, in turn allowing them to inflict harm such as stealing your identity or assets.

Attackers rely on human error to breach security and can gain a foothold with a well-presented email, text, phone call or website. They typically have one of two goals. The first is to learn personal information, such as a user name, password or account number, to gain unrestricted access to financial or other accounts. The second is to have you unwittingly download malware, which infects and compromises the security of your computer and information.

Much like bait on a hook draws fish, attackers are hopeful that their bait will be enough to get you to bite and get reeled in.

Sink the phishing boat

  1. Do not open emails that are unexpected or look suspicious. Maybe someone is sharing a Google doc for your input, but unless you’ve been expecting it, you should take a closer look before opening it up. As with any unexpected messages, check the sender’s email address to ensure that it is from a trustworthy source. Emails that are clearly suspicious should be deleted immediately.
  2. Do not provide personal and financial information via email. Legitimate financial institutions and other organizations will not ask you to disclose sensitive personal information in a non-secure environment. If you receive a questionable email, text or phone call asking you to confirm details like payment information, user name or security answers, hold off on responding. Don’t call or email the individual back at the contact info they provide. Instead, contact the company’s posted customer service line or email to ensure the request is valid.

    Similarly, if you’ve received a link in an email to update your account information, be aware that you could be led to a fraudulent website. Rather than click the link, call customer service or access your account directly from the organization’s website, where you should be able to check a secure message center for any instructions.

  3. Be wary of links and attachments. If you receive unsolicited messages with attachments or links, avoid opening or clicking. Such messages may contain malware or lead you to a malicious source. For messages with hyperlinks, hover your mouse over the link to see if the web address looks fraudulent. If you receive an attachment and the sender is someone you know, confirm that they are sharing a safe file and haven’t been hacked.
  4. Watch the language. Let’s face it, an attacker’s strong suit probably isn’t writing. Look for spelling errors, questionable grammar and poor sentence structure. An odd turn of phrase may be enough to alert you that something is off, particularly if the sender appears to be someone who has always been professional and coherent.
  5. Don’t give in to the fear. What could be worse than having the IRS on the phone demanding payment for back taxes? Getting taken in by attackers posing as the IRS. Scammers sow fear, uncertainty and doubt, and they use those emotions to elicit a sense of urgency. Rarely will the IRS — or any other organization operating on the up-and-up — give you no prior written notice to settle an obligation. Take a deep breath and do some quick due diligence for assurance.

Being vigilant and informed is your best defense against phishing. For additional information and resources, visit the Federal Trade Commission’s Consumer Information center, or visit our security pages for more security tips.