Phishing is the fraudulent use of email to impersonate a trusted person or business. The emails appear to come from a friend or family member (whose email account has been compromised) or from a business, like Amazon or FedEx. Phishing emails typically create a sense of urgency, pressing the recipient to send money or to click on a link to verify their account information. Here’s an example phishing email we dissected:


How can you protect yourself?

  1. Never open email from an untrusted source. If the email is from a person or business you know, does the content of the message seem odd? If so, call the person or business at a phone number you know to be genuine (e.g. a friend’s cell phone or a business number from an official statement, etc.) and ask them to verify the message contents. This is especially important when the email uses tactics to scare you (“We’ll cancel your account if you don’t click”), bribe you (“Click here for a free iPad”) or confuse you (“We never received your payment”).

  2. Hover over a link before you click it! Malicious URLs and websites can look almost exactly like a legitimate site, but the address may be a mismatched URL (e.g., Annazon.com instead of Amazon.com) or a misleading domain name (e.g., FedEx.tv).

  3. Maintain security software and settings. As a general rule of thumb, always maintain up-to-date anti-virus software, firewalls and email filters on your computer. Also, take advantage of any anti-phishing features offered by your email client and web browser.

  4. Report phishing email to spam@uce.gov.
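
The hover check from tip 2 can also be automated. The Python sketch below is an added example, not part of the original article: it pulls each link out of an HTML message body, shows the domain it really leads to, and flags the two tricks named above (a lookalike such as Annazon.com and a familiar name on another ending such as FedEx.tv). The `TRUSTED` list, the `CONFUSABLE` letter pairs, the function names and the sample body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"amazon.com", "fedex.com"}  # assumption: sites the reader really uses
CONFUSABLE = (("rn", "m"), ("nn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def domain_of(url):  # naive: last two host labels, ignores suffixes like co.uk
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return ".".join(host.split(".")[-2:])

def skeleton(label):  # collapse letter groups that look alike at a glance
    for fake, real in CONFUSABLE:
        label = label.replace(fake, real)
    return label

def classify(url):
    domain = domain_of(url)
    if domain in TRUSTED:
        return "trusted"
    name = domain.split(".")[0]
    for brand in (d.split(".")[0] for d in TRUSTED):
        if name == brand:
            return "misleading-domain"  # right name, wrong ending: fedex.tv
        if skeleton(name) == skeleton(brand):
            return "lookalike"          # annazon.com posing as amazon.com
    return "unknown"

class LinkCollector(HTMLParser):  # gathers (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at every <a>, so only link text is kept
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):  # -> [(visible text, real destination domain, verdict), ...]
    parser = LinkCollector()
    parser.feed(html)
    return [(text, domain_of(href), classify(href)) for text, href in parser.links]

# Constructed sample body, not taken from a real message.
SAMPLE = ('<a href="http://www.annazon.com/verify">Amazon.com</a> '
          '<a href="https://track.fedex.tv/x">Track package</a>')
print(audit(SAMPLE))
```

A verdict of `unknown` only means the domain is not on the trusted list; it is not a sign that the link is safe.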