• Discounts and special offers
  • Subscriber-only articles and interviews
  • Breaking news and trending topics

Already a subscriber?

By signing up, you accept Moneywise's Terms of Use, Subscription Agreement, and Privacy Policy.

Not interested ?

What is phishing?

Phishing is an attempt by hackers or cyber criminals to lure people into sharing sensitive personal information — such as usernames, passwords, credit card details and social security numbers — which they can then use to exploit or steal from you.

They do this by sending maliciously crafted emails, text messages or even phone calls from seemingly trustworthy sources, such as a colleague, acquaintance or an organization such as a bank or the IRS.

Most of these emails or messages aim to entice victims into clicking on a dodgy link that will ask for certain log-in credentials or other personal information.

Phishing has proven to be a very popular and lucrative scam for fraudsters. The FBI’s Internet Crime Complaint Center (IC3) received 800,944 complaints in 2022, with losses exceeding $10.3 billion. Phishing schemes were the number one crime type with 300,497 complaints and, for the first time, investment schemes reported the highest financial loss to victims.

IC3 reported that victims aged 30-39 were the largest reporting group, while the greatest dollar loss was incurred by citizens aged 60 and up.

It’s very difficult to gain complete cyber security, but here are some ways to reduce your risk of taking common bait and becoming a phishing victim.

Don't miss

How to protect yourself from scams

First and foremost, you have to educate yourself so that you understand what a phishing email or malicious link might look like.

In email form, fraudsters will typically use a subject line that entices you to open the message, such as an alert, an update, a required action or a request for information. For instance, you could receive an email from someone pretending to be from your bank asking you to sign in via a dodgy link (whereby they can steal your credentials) in order to update some information.

There are ways to identify fraudulent messages. You should always check the sender email address for unusual spellings or email domains. Often, they’ll try to look like a legitimate domain so as not to rouse suspicion, but they might have one slight difference like a number or symbol instead of a letter (such as name@gmai!.com).

The U.S. Cybersecurity & Infrastructure Security Agency warns people to watch out for generic greetings (such as “Dear valued member,” “Dear account holder” or “Dear customer”), spelling or layout errors, spoofed hyperlinks and suspicious attachments.

Whether you’re using email, social media or even just browsing the internet and thinking about clicking on a pop-up ad, you should never download an attachment, an application or even a software patch if you’re not sure what it is as you could unwittingly download a trojan horse.

Likewise, you should always hover your mouse over a hyperlink before clicking in order to see where the link will take you. Similar to dodgy email domains, it’s easy to fake URLs through spelling errors and other anomalies.

Finally, there are digital hygiene practices that every American should put in place. Wherever possible, you should consider using multi-factor authentication (MFA) to gain access to your online applications and accounts. Beyond putting in your username and password, MFA requires more verification factors, such as a pin from a text message or phone app, in order to gain access.

You should also make every effort to keep your digital software and internet browsers up to date with appropriate antivirus software installed. While none of these actions are completely fail-safe, they could protect you from a costly slip up in the future.

What to read next

About the Author

Bethan Moorcraft

Bethan Moorcraft


Bethan Moorcraft is a reporter for Moneywise with experience in news editing and business reporting across international markets.

What to Read Next


The content provided on Moneywise is information to help users become financially literate. It is neither tax nor legal advice, is not intended to be relied upon as a forecast, research or investment advice, and is not a recommendation, offer or solicitation to buy or sell any securities or to adopt any investment strategy. Tax, investment and all other decisions should be made, as appropriate, only with guidance from a qualified professional. We make no representation or warranty of any kind, either express or implied, with respect to the data provided, the timeliness thereof, the results to be obtained by the use thereof or any other matter.