Sorry, you need to enable JavaScript to visit this website.


Office of the Chief Technology Officer

DC Agency Top Menu

-A +A
Bookmark and Share

How to Recognize and Protect Yourself from Phishing Scams

phishing image

Phishing scams continue to spread at alarming rates and are becoming more and more difficult to detect. It's important for you to understand how to recognize a phishing scam and know what you can do to protect yourself.

In recent years, phishing scams have occurred more frequently and are more clever.

Just recently, as reported by WAMU, potential DC Homeowners fell victim to a phishing scam that nearly cost them the purchase of a new home.

The most common phishing scams are delivered via emails that are allegedly from a company or agency you recognize. For example, your bank, a DC Agency, or even the FBI, CIA or Department of Homeland Security. While the emails will contain the official looking logos of the organization being impersonated, they also contain two very important tip-offs:

  1. There will be a strong sense of urgency requiring you to act immediately to prevent something terrible from happening to you(i.e., an account lockout, asset seizure, loss of opportunity to receive money, or even arrest).
  2. They will either have an attached file for you to complete or provide a website link that requests your personal information.

Keep in mind that the goal of phishers is to use a phishing scam to collect information that you wouldn’t hand out to just anybody. To do that, they need you to think that you’re dealing with an authority who has a valid reason for collecting this information.

Here are a few examples that a phisher may use to trick you:

  1. You receive an email from “SOFTWARE COMPANY Tech Support” requesting that you reset your user account.
  2. You receive an email or phone call from “Tech Support” stating that they found a virus on your system and need to log in to help.
  3. BANK” has noticed some suspicious activity with your credit card and has locked your account. To unlock your funds, you will need to complete an attached document and email it to them using the link provided in the document.
  4. The “FBI” has tracked illegal activity to your computer’s IP address. If you do not fill out the attached form and make a payment, a warrant will be issued to your local law enforcement agency.

Here are a few things that you can do to take to protect yourself:

  • Be cautious about all phone and email communications you receive. If they appear to sound or read like a phishing scam, do not respond. Delete it. You can also forward it to the Federal Trade Commission at [email protected].
  • Do not be frightened or intimidated by messages that have an alarmist tone. Double check with the official company if you are uncertain about the status of your accounts.
  • Always be cautious of individuals or organizations that ask for personal information. Most companies will not ask for sensitive data from its customers. If in doubt, you should verify with the company itself to avoid any potential issues.
  • Always take a close look at the sender’s display name when checking the legitimacy of an email. Most companies use a single domain for their URLs and emails, so a message that originates from a different domain is a red flag.
  • As a general rule, do not click links or download files from unknown sources even if they seem “trustworthy.”
  • Check for “mismatched URLs.” While an embedded URL might seem perfectly valid, hovering above it with your mouse pointer might show a different web address. In fact, you should avoid clicking links in emails unless you are certain that it is a legitimate link.
  • Always be on the lookout for any grammatical errors and spelling mistakes in emails. Legitimate companies will often employ proofreaders and editors who ensure that the materials they send out are error-free.
  • Although not everyone has access to advanced anti-phishing software, you can still use the built-in protection of your email client to filter phishing emails. One example is setting the email client to block all images unless approved. Images can contain hidden links in them that trick you into visiting a malicious website when the image is clicked.
  • Most companies will avoid sending unsolicited messages unless it’s for company updates, newsletters, or advertising purposes. Legitimate companies will never send “Confirmation Emails” unless there are specific reasons for doing so.
  • When you get a suspicious email, go to the website and call the number or email the resources listed on the legitimate company website. Do not call the number on the email which may be part of the phishing scam.
  • If it seems suspicious, it probably is. You should always use caution when it comes to giving out personally identifiable information through email and phone messages.