← Back to Home

Category: Online & communication

Phishing & email scams

Most reported

Never enter your password, PIN, or one-time codes after clicking a link in an email or text. Legitimate companies will not ask for these by email.

How it often plays out

Maria gets an email that looks like it’s from her bank: “Your account will be locked in 24 hours. Click here to verify.” She clicks, enters her password on a site that looks real, and within hours her account is drained. The link didn’t go to her bank—it went to a copycat site run by scammers. She had entered her password and the code from her phone on a page that looked exactly like her bank; within hours her checking account was emptied and her card was used in another state. By the time she reached her real bank, the money was already gone.

By the numbers

  • Phishing was among the top reported fraud categories to the FTC in 2023.
  • IC3 received hundreds of thousands of internet crime complaints involving phishing and similar schemes.

How to spot it

  • Urgent warnings that your account will be locked or closed unless you act now.
  • Links or buttons in the email that look like your bank but the URL is slightly wrong (e.g. myb4nk.com).
  • Requests for your password, PIN, or one-time codes by email or phone.

Do's and don'ts

Do

  • Save the email or message (screenshot or forward) and note the sender and date.
  • Report to the FTC and IC3 using the links below.
  • Change passwords and alert your bank if you clicked a link or shared any info.

Don't

  • Click links or reply to the message.
  • Enter your password, PIN, or one-time codes.
  • Pay or send money.

Summary & what to do

Phishing is when someone uses fake emails, texts, or websites to steal your passwords, account details, or money. Report it so authorities can track and act on it.

What to do right now

  • Stop clicking links or replying. Do not enter passwords or pay anything.
  • Save the email or message (screenshot, forward, or note the sender and date).
  • Report using the links below. If you clicked a link or shared info, change passwords and alert your bank.

Where to report

Who: The FTC collects scam reports and shares with law enforcement.

When to use: Use for phishing attempts, fake login pages, or requests for money or personal info.

What to prepare:

  • The email or message
  • Sender address or phone
  • Dates

Go to FTC ReportFraud~5 min

Who: The FBI's IC3 handles internet crime including phishing.

When to use: Use when the scam was online (email, website, or app).

What to prepare:

  • URLs
  • Screenshots
  • What was lost or exposed

Go to IC3~10 min

Frequently asked questions

What if I already clicked the link?
Do not enter any information. Close the tab, run a security scan if you have antivirus software, change your password for that account (using the real site, not a link from the email), and report the phishing attempt to the FTC and IC3.
How can I tell if an email is really from my bank?
Check the sender address carefully—scammers often use lookalike domains. Do not click links in the email; instead, open your browser and type your bank's URL yourself, or use the bank's official app, and check your account or messages there.

Learn more

Need help now?