Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Cybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and ResilienceCybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
  • About
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    CISA GitHub
    CISA Central
    Contact Us
    Subscribe
    Transparency and Accountability
    Policies & Plans

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. Secure Our World
  3. Recognize and Report Phishing
Share:
Secure Our World Hero Image

Recognize and Report Phishing

Avoid phishing with these simple tips.

Don’t Take the Bait

Phishing occurs when criminals try to get us to open harmful links, emails or attachments that could request our personal information or infect our devices. Phishing messages or “bait” usually come in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get us to respond.

Recognize and Report Phishing

How to Avoid Phishing! (We Can Secure Our World)

Recognize and Report Phishing | Audio Description

How to Avoid Phishing! (We Can Secure Our World) | Audio Description

Stay Safe with Three Simple Tips

1. Recognize

Look for these common signs:

  • Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately
  • Requests to send personal and financial information
  • Untrusted shortened URLs
  • Incorrect email addresses or links, like amazan.com

A common sign used to be poor grammar or misspellings although in the era of artificial intelligence (AI) some emails will now have perfect grammar and spelling, so look out for the other signs.

2. Resist

If you suspect phishing, resist the temptation to click on links or attachments that seem too good to be true and may be trying to access your personal information. Instead, report the phish to protect yourself and others. Typically, you’ll find options to report near the person’s email address or username. You can also report via the “report spam” button in the toolbar or settings.

3. Delete

Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete.

decorative tipsheet icon

Phishing Tip Sheet

Download the Secure Our World Phishing Tip Sheet to share with friends and family. 

Download Tip Sheet 

If a message looks suspicious, it's probably phishing. 

However, if you think it could be real, don't click on any link or call any number in the message. Look up another way to contact the company or person directly:

  • Go to the company's website and capture their contact information from the verified website. Search for the site in your web browser or type the address yourself if you’re sure you know it.
  • Use another way to reach the person to confirm whether they contacted you. For example, if you get a strange message from your friend on Facebook, and you have their phone number, text or call them to ask if they sent the message.

Omar Got Phished and Now Knows How to Avoid Phishing

decorative photo of Omar

Omar is a busy professional who works long hours, regularly goes to the gym, and makes time for friends and family. Like many of us, he usually shops online.  

One day, Omar received an email that looked like it came from an online order. The email said his payment didn’t go through, and he needed to log into his account to approve the payment method. The email inserted a shortcut link to a website that looked like the vendor’s and insisted he sign into his account immediately.    

Because Omar was in a hurry, he didn’t realize that the email and website weren’t quite right. Omar should have noticed the email address was not from his vendor’s dot com domain and that the urgent messaging in the email was sent from a hacker using a login credential phishing attempt, where the hacker tricked Omar into revealing his login credentials. 

Once Omar had logged into the fake site and approved the “purchase,” hackers were able to steal his password and credit card information. They made various purchases using Omar’s money.   

Luckily, Omar was able to eventually recover most of his financial losses, although it took many hours on the phone with his bank and the retailer to figure it out.    

Now, Omar pauses and thinks twice when he receives urgent messages requesting information. He knows what warning signs to look out for, like messaging requiring immediate response, and always types the retailer’s website directly into the URL instead of clicking a link in an email. Omar enjoys shopping online with less stress since he knows how to secure his world.

Other Ways We Can Protect Ourselves Online

Online criminals look for easy targets, like people who don’t take basic precautions. If we take the following steps, we won’t be as vulnerable to their deceptive tactics. It will be much harder to scam us or steal our information. Let’s start now.

decorative photo: family looking at a tablet

Secure Yourself & Your Family

We can all protect ourselves, our friends and our families from online threats. It’s fast. It’s easy.

decorative photo of people using a tablet

Use Strong Passwords

Using strong passwords and a password manager are some easy ways to protect ourselves from someone logging into an account and stealing data or money.

decorative photo of a person using the phone

Turn on MFA

Multifactor authentication means using more than a password to access an app or account. With MFA, we might be asked to enter a text code or use a fingerprint. It alerts us and prevents others from accessing our accounts.

decorative photo of a father and daughter looking at a tablet

Update Software

Don't delay software updates. Flaws in software can give criminals access to files or accounts. Programmers fix these flaws as soon as they can, but we must install updates for the latest protection!

Related Content

Cybersecurity Awareness Month 2024

October is Cybersecurity Awareness Month

Download the free Cybersecurity Awareness Month 2024 toolkit!

decorative photo: individuals on a computer

Avoiding Social Engineering and Phishing Attacks

Check out this blog post for more tips on avoiding phishing and other forms of malicious online activity.

decorative photo

Staying Safe on Social Networking Sites

Revealing too much online can give criminals information they can use to phish you specifically. Check out these tips!

Return to Secure Our World

Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback