How to Spot and Avoid Phishing Scams Image

How to Spot and Avoid Phishing Scams

folded paper icon


Phishing is a common tactic used by scammers to try to get you to reveal valuable personal information. They may use what looks like legitimate emails and website links to trick you. But there are some simple signs you can watch out for to avoid becoming a victim.

Have you ever received an email or text that just didn’t seem right? Maybe it was addressed to you and supposedly from a company you knew, but something felt a little off? It may have been a phishing scam.

What is phishing?

Phishing attacks happen when fraudsters try to trick you into sharing personal information like passwords or credit card data. These scammers may try to get you to click a link for what you think is a legitimate business or offer. Then, they hope you’ll enter your information on their fake website, which often matches the look of the legitimate website. The link may also download malicious software that could harm your computer and steal information stored on it. Once fraudsters have your information, they may use it to try to get into your existing accounts or open new accounts in your name.

How to protect against phishing

The best way to protect yourself from falling victim to a phishing attack is to avoid clicking suspicious links. If you see something that feels off, take the following steps:

Reach out to the company directly

Emails and texts full of grammatical errors were the work of old-school, unsophisticated cyber criminals. Text message phishing attempts are sometimes referred to as “smishing”. Scams are now harder to notice at first glance

For instance, a site where the URL starts with “https” may seem secure, but scammers can buy these security certificates for their own imposter websites to trick you into thinking it’s legitimate. Even if a site, email or text seems real, if you weren’t expecting a communication from the company, reach out to their customer service to double check. Taking time out of your busy day to call customer service may seem like a chore, but that one call could save you a lot of time in the long run if it keeps you safe from identity theft and the accompanied recovery process.

Don’t use the phone number or email address provided in the suspicious email. Get the contact information from the company’s website directly. Tell the customer service agent the type of communication you received and the email address it came from. They’ll be able to let you know if it is legitimate or not.

suite icon

Pro Tip:

Regularly monitoring your credit report can help you fight ID theft. Be on the look out for accounts you don’t recognize.

Look for misspelled or shortened domains

Scams tied to popular companies will use similar web addresses, but may have a URL that’s off by a single character. These similar, but fraudulent, web addresses may take you to a cloned website that looks identical to a company’s website where you normally do business. The scammer’s goal is to get you to enter your valuable information. Then, they can then try to use it for fraudulent purposes like taking out lines of credit in your name.

When cybercriminals send links through email, they may try to hide or shorten links to make them hard to verify. Always be cautious with links in your emails. Many email providers provide a way to preview a link’s full web address without clicking on it. If you see a suspicious link in an email, hover over it with your mouse cursor. A pop-up or line should show up somewhere on your screen to show you the full address so you can see if it really belongs to the company.

Be aware of social media phishing

Fraudsters can also turn to social media to carry out phishing scams. Of course, never click on a link from someone you don’t know. But even if a family member or friend shares a link you don’t recognize, it could be that their account has been compromised. They may not realize they’re unknowingly sharing a fraudulent site. If a message or post from a family member or a friend seems unusual, reach out to them offline or through some other platform about the suspicious message you received.

If you Clicked on a Phishing Link Image

Regularly monitoring your credit report can help you fight ID theft. Be on the lookout for accounts you don’t recognize.

What to do after a phishing attack

If you’ve clicked on a link you suspect was fraudulent, don’t be embarrassed. Scammers continue finding new ways to trick even the savviest among us. If you think you’ve given a scammer your information by accident, go to for specific steps to start your recovery from identity theft. Consider placing a credit freeze and fraud alert on your credit report immediately to protect your data. There are additional steps to take to recover from the fraud, like contacting any companies were the fraud occurred and reporting the crime to local authorities. Time is of the essence, so responding quickly will help tremendously.

You don’t need to feel paranoid when going through emails, texting or interacting on social media, but it’s smart to remain on guard. Be wary when giving out personal information — it takes less time to check that a website is real than it does to clean up identity theft. By keeping your data identity safe, you can help prevent delays in future credit opportunities you may want or need.

Even if you haven’t been a victim of a phishing attempt, there are things you can do to help protect your data identity from digital fraud. 

Disclaimer: The information posted to this blog was accurate at the time it was initially published. We do not guarantee the accuracy or completeness of the information provided. The information contained in the TransUnion blog is provided for educational purposes only and does not constitute legal or financial advice. You should consult your own attorney or financial adviser regarding your particular situation. This site is governed by the TransUnion Interactive privacy policy located here.