Conversation Guidelines:
Before you begin, it is important to remember that what may seem like basic knowledge can be new or confusing to others. This conversation guide can help you have a meaningful conversation on safety tips and warning signs.
Phishing Overview
Phishing is when bad guys use fake emails, to “fish” for information. These fake messages can look real, but they may link to fake websites. The website may look like a trusted, well-known company but it’s all a trick to get your personal information – such as Social Security number or bank and credit card account numbers. A more aggressive fake email may even invade your computer with malicious software (malware) or a virus as soon as you open the email.
Here’s how to start the conversation: “Have you gotten any emails recently from someone you don’t know asking you to do something or for information?”
Questions you can ask:
“Have you gotten any emails from your bank asking you to confirm account information?”
“Have you gotten any emails saying you have a payment problem and asking you to call a phone number?”
“Are you getting emails with blank spaces in them, or spelling mistakes?”
Possible questions you’ll get – and suggested answers:
What if I get an email from someone I don’t know?
If you receive an email from someone you don’t know the first thing you should do is read carefully. These things may mean it’s a scam:
- No name or email address in the “to” field. If that is empty, delete and ignore the email.
- If the email is from a public account but claims to be from a bank or other business, do not trust the email. Best thing to do is delete the email.
Why shouldn’t I click on a link in an email? How can I tell if I should click on a link or open an attachment?
It’s important to be cautious about opening attachments or clicking on links in emails. Bad guys can use files and links to install malware on your computer or trick you into giving them information. When you receive an email take the following steps to check it out:
- Only open attachments or click on links that come from people you know and trust.
- On a link - make sure the site address is correct. Bad guys may create a fake website with a slight misspelling in the business name to fool you.
- Secure websites have an “s” after “http” in the web address and a lock symbol at the bottom of the screen.
What if I receive an email or text telling me to call a phone number?
The safest thing you can do is use your favorite search engine to look up the website or phone number yourself. Or if it’s a company you do business with, check the number on your bill. Even though a link or phone number in an email may look like the real deal, don’t call the number in the email or text without checking it out. Contact the organization the sender claims to be from to help confirm the legitimacy of the email or text message.
Other Resources:
Phishing: Know Bait When You See It.