Skip to main content

How to Spot and Avoid Phishing Scams

How to Spot and Avoid Phishing Scams Image

Have you ever received an email or text that just didn’t seem right? Maybe it was addressed to you and supposedly from a company you knew, but something felt a little off? It may have been a phishing scam.

Phishing attacks happen when fraudsters try to trick you into sharing personal information like passwords or credit card data. These scammers may try to get you to click a link for what you think is a legitimate business or offer. Then, they hope you’ll enter your information on their fake website, which oftentimes match the look of the legitimate website. The link may also download malicious software that could harm your computer and steal information stored on it. Once fraudsters have your information, they may use it to try to get into your existing accounts or open new accounts in your name.

If you’ve clicked on a link you suspect was fraudulent, don’t be embarrassed. Scammers continue finding new ways to trick even the savviest among us. If you think you’ve given a scammer your information by accident, go to for specific steps to start your recovery from identity theft.

If you Clicked on a Phishing Link Image

Phishing scams are quite common. In fact, throughout our Consumer Financial Hardship Study, people have reported phishing as the digital fraud scheme they’ve been targeted by the most. If you get the occasional email that looks “phishy,” keep reading for some tips to help you spot and avoid these scams.

It’s not always easy to spot phishing at first glance

Emails and texts full of grammatical errors were the work of old-school, unsophisticated cyber criminals. Scams are now harder to notice at first glance. A site where the URL starts with “https” may seem secure, but scammers can buy these security certificates for their own imposter websites to trick you into thinking it’s legitimate. Even if a site or email seems real, if you weren’t expecting a communication from the company, reach out to their customer service to double check.

Beware of misspelled or shortened domains

These aren’t accidental typos like before. Scams tied to popular companies will use similar web addresses, but may have a URL that’s off by a single character. These similar, but fraudulent, web addresses may take you to a cloned website that looks identical to a company’s website where you normally do business. The scammer’s goal is to get you to enter your valuable information. Then, they can then try to use it for fraudulent purposes like taking out lines of credit in your name.

When cybercriminals send these links through email, they may try to hide or shorten links to make them hard to verify. Always be cautious with links in your emails. Many email providers provide a way to preview a link’s full web address without clicking on it. If you see a suspicious link in an email, hover over it with your mouse cursor. A pop-up or line should show up somewhere on your screen to show you the full address so you can see if it’s accurate.

Be cautious on social media as well

Fraudsters can also turn to social media to carry out phishing scams. Of course, never click on a link from someone you don’t know. But even if a family member or friend shares a link you don’t recognize, it could be that their account has been compromised. They may not realize they’re unknowingly sharing a fraudulent site. If a message or post from a family member or a friend seems unusual, reach out to them offline or through some other platform about the suspicious message you received.

Stay Safe From Phishing

To help protect your credit from digital fraud, there are some helpful things you can do right now. For instance, you can place a fraud alert on your credit report. A fraud alert tells lenders to take extra steps to confirm your identity when you apply for credit. You can also get free identity protection from TransUnion’s TrueIdentity.

You don’t need to feel paranoid when going through emails, texting or interacting on social media, but it’s smart to remain on guard. Be wary when giving out personal information—it takes less time to check that a website is real than it does to clean up identity theft. By keeping your data identity safe, you can help prevent delays in future credit opportunities you may want or need.

Disclaimer: The information posted to this blog was accurate at the time it was initially published. We do not guarantee the accuracy or completeness of the information provided. The information contained in the TransUnion blog is provided for educational purposes only and does not constitute legal or financial advice. You should consult your own attorney or financial adviser regarding your particular situation. For complete details of any product mentioned, visit This site is governed by the TransUnion Interactive privacy policy located here.

What You Need to Know:

The credit scores provided are based on the VantageScore® 3.0 model.  Lenders use a variety of credit scores and are likely to use a credit score different from VantageScore® 3.0 to assess your creditworthiness.

Subscription price is $29.95 per month (plus tax where applicable).