Cyber crime logo Cyber crime logo
Step 4 of 4
Protect Yourself From Phishing

Phishing occurs when an attacker sends a fake message designed to trick you into providing private information, like a password, or downloading harmful software like ransomware or a virus. They may try to steal your username and passwords, or even your identity and financial assets.

Why is this important?

Phishing attempts can be effective because they are often designed to look like they come from someone you know or a website or company you trust. While these attempts can be hard to spot, many of them can be prevented if you’re aware of them or know what to look for

Case Study

There are many different types of phishing, which can happen over email, text message, messaging apps or even phone or voicemail. In real life, phishing attempts are harder to stop because they’ve become more sophisticated over the years.It is common to get caught because they’ve been designed to provoke participation. Below is a fictitious, dramatic example we made up. See how many red flags you can spot!


Sara received an urgent email from her bank account asking for immediate action. Sara isn’t sure what to do and needs your help. Read the email below and try to spot anything that looks suspicious.

phishing example
phishing example answers

To learn more about how to spot the red flags of phishing scams, visit ScamSpotter.org

phishing example
phishing example answers

To learn more about how to spot the red flags of phishing scams, visit ScamSpotter.org

Here’s what to do to spot malicious sites or phishing attempts

  1. Verify!

    When you receive a new message—especially one that looks suspicious, urgent, or unexpected—look closely at the email address, phone number, or social account it came from. Do you recognize it? Be suspicious of an email, text, social media message or even phone call asking you to reveal personal information, like a password or credit card number.

  2. Is it correct?

    Look-alike websites will often include extra letters, numbers instead of letters, or other subtle differences that can be easy to miss.

  3. Contact the apparent sender another way.

    For example, if you get a suspicious email from a company, call them using the number on your bill instead of the phone number in the email, or check their website by entering the address directly in your web browser instead of clicking on a link.

  4. Report it as suspicious.

    Most email providers contain a button for marking spam or suspicious emails which can help flag emails from that sender to other recipients.

  5. Learn how to spot future scams.

    As phishing scams become more sophisticated it's important to continously learn how to spot the red flags. Visit ScamSpotter.com.

Ready for more?

Check out the full CR Security Planner for a personalized plan.

Get my plan!

Share with Friends!

Share the #SecureTogether Challenge