How to prevent becoming a victim of a phishing scam

Have you, or anyone you know, ever been a victim of a phishing attack? What did you do about it? What should you do about it if it happens again?

A recent survey by Avast of 2,022 U.S. consumers revealed that more than half of the population (52%) had, in fact, been targeted by a scam – mostly in a personal context. Think about that: scammers are hard at work, hitting every other household with an increasingly diverse array of schemes at their disposal. Also, think about this: nearly half of those targeted (47%) didn’t even report the incident.

If you encounter a scam, you should hit back. If you’ve lost money, authorities can help you get it back. You can help to ensure that others at your company or in your neighborhood don’t get targeted themselves. We have some steps to follow if a scammer comes your way.

Phishing attempts come in a variety of forms. Based on the survey results, the largest numbers of encounters come through emails (35%), where a malicious link or attachment comes from a communication that looks like it’s from a legitimate organization. Phone phishing (23%), phishing websites (20%) and text message scams (18%), where a phony organization often claims the recipient won a prize, are popular, as well.

Why didn’t respondents report their scams?

While some said they didn’t feel threatened by the attempt (16%) or didn’t imagine anyone else would fall for it (25%), a significant chunk didn’t know where to report a phishing scam (24%). Clearly, there’s confusion out there about what to do and who to reach out to for help if you find yourself on the wrong side of a phishing scam.

Those who did report scams sought help from various appropriate parties. They connected with the company the scammer was pretending to be from (22%), their email provider (21%), their own company (14%) and/or the police (10%). A surprisingly low percentage (8%) reached out to their antivirus software provider – a source that does have tools and advice that can effectively safeguard consumers from phishing forays.

How to spot a phishing scam (and stop it in its tracks)

Phishing scams are effective because they are very convincing - from brand logos and official language, to knowing personal information about you. So, first steps when handling a phishing scam is knowing how to spot it in the first place:

The sender name is vague and the sender’s email address is long or convoluted

The email’s subject line is attention-grabbing or alarmist

The email urges immediate action of some kind

An offer of a major discount is dangled

The email cites some pretense for seeking your personal information, including log-in information to a website.

The email urges you to click hyperlinked text without clarifying where you are clicking

Once you’ve identified a scam email, there are steps you can follow to protect yourself and protect others. Avast has developed a detailed guide to understanding phishing and how to defend yourself.

When trying to protect yourself against a phishing scam, though, there are a few key tips to keep in mind:

Don’t click on any attachments, which can install harmful malware.

Don’t click on any links, especially if the email urges you to go to a website and provide any information.

Don’t reply to the suspicious email or use a phone number or other contact information in the email.

Look closely at the sender’s email address and any web addresses in the email for deviations from the official name of the business or sender.

If you’re using personal email, and a message claims a business is urgently trying to reach you, you can call or reach out to the business by looking up contact information online or on an old bill. Do not use any contact information provided in the suspicious email.

Get two-factor authentication on your email program, and consider changing your email password and any other related passwords.

Once you’ve identified a phishing email, it’s important to report it to the proper authorities to protect both yourself, but everyone else, from falling victim unknowingly:

Your personal email platform often allows you to report phishing emails. In Gmail, there is a drop-down menu next to the reply button with that option.

You can also forward a phishing email to the U.S. Federal Trade Commission at spam@uce.gov and reportphishing@apwg.org.

If you already replied to a suspicious email, clicked on an attachment or link, or provided personal information, tell your company’s IT team if you are at work or go to IdentityTheft.gov . There you’ll see the specific steps to take based on the information that you lost.

If you already replied to a suspicious email, clicked on an attachment or link, or provided personal information, tell your company’s IT team if you are at work or go to There you’ll see the specific steps to take based on the information that you lost. If you are using your work email account, contact the IT team. They may want you to forward them the email, but ask first.

Phishing, unfortunately, is alive and well. You and your neighbors are being targeted. If someone tries to extract information from you over email, phone, text or the web, be prepared. It’s your best defense.

For more information: