How Do I Identify a Phishing Scam?

YP Editors

Phishing is an attempt to either steal sensitive personal information, or to infect a computer with malware that can compromise its security. Phishing scams, can be sent through email or social messaging apps, like Facebook.

Email phishing scams often profess to be from a bank, a credit card company, a client, or an enormous and reputable company like PayPal, Apple, or FedEx. In addition to mimicking the company’s branding, the scammer will also fake a title, email name, and embedded link that seem to be from the company.

How to Spot a Phish

Typos and misspellings are major clues that a so-called official message is a phishing scam. Another indicator is if the email isn’t addressed to you correctly. If the greeting seems odd, or there are a lot of exclamation points in the copy, it’s best check the veracity of an email, even if the logo and company information seem real.

If it’s a phishing email, the actual email address and the URL will be from a domain not officially connected to the company. You can check the URL by hovering your cursor over the link and checking against the corresponding info that pops up in the lower-left corner of your browser.

Phishing scams often require that you click a link, so if you suspect you’ve received one, DO NOT CLICK THE LINK. On a similar note, do NOT download any attachments from suspicious senders. Another red flag is if the sender is prompting for sensitive personal information, like your bank account, social security number, or credit card information. Most reputable companies will not ask for this information unsolicited.

You can also check if an email is actually legit by hovering over it, or by hitting reply and checking the full email. Hitting “Reply” to an email does not involve the same risks as clicking on a bad link – unless you actually hit “Send,” in which case you’ll be likely to begin a conversation with the scammer on the other end.

Commonplace email phishing scams either claim the recipient is owed money, or warn them that their account is compromised. It might look like an invoice, an “urgent warning” that one’s account is going to be suspended, or an official request to activate an account. Almost all urge you to click a link to “update your information.”

Once You’ve Spotted a “Phishy” Email

If it’s a Facebook phishing scam, do not click any links or play any videos from suspicious senders. And if you receive a strange direct message or email from an account you know, don’t share any sensitive personal details. Also don’t call any strange 800 numbers that arrive in your inbox from suspect sources. If you are really unsure, call the official number on the company’s official website or on official materials from the institution.

In addition to marking these messages as Spam, if you have a few minutes, it doesn’t hurt to report them to your email provider and to the real institution whose identity is being forged. Most companies are aggressive about trying to crack down on phishing scammers and hackers.


One of the most famous phishing scams is the classic Spam-folder constant: the Nigerian Prince scam. You get an email from someone claiming that they need to move a great deal of money from an account abroad to the United States. The person will claim to know you, or that you are related to someone, or just that they need your help. All they need, as a show of good faith, is your bank account/social security number/date of birth, or confirmation of what they think is your banking information.

Another phishing scam making its way around Facebook Messenger will come from the compromised account of a Facebook friend, with an urgent message about how the friend was attacked or robbed in a foreign country and desperately needs you to send money. This scam caused a lot of trouble when it first began to make the rounds, because it was truly arriving from a known person’s active account. However, peculiar grammar and syntax in the messages provide the first signals, causing most recipients to call, text, or otherwise attempt to contact the friend via other means. Also, the people whose accounts had been compromised usually figured it out quickly.