Skip to main content

Hijacking Your Text, Email, and Instant Messages: A New Angle on "Phishing" Scams

What you need to know:

Criminals insert themselves into private text, email, or instant message conversations, making the communication look safe because it is coming from a trusted source.

This sophisticated two-step scam starts with what’s known as a “phishing” attack that steals login credentials. Once criminals have access to your account, the next step is to get into your ongoing conversations and send scam messages and malware from you. There are two victims in a “phishing” scam — the person whose account is being hijacked and the person who receives the message that appears to be from you. The recipients are more likely to click on links or attachments in those messages because they appear to have come from you. And when they do, they are pitched a bogus opportunity, prompted to provide personal information, or otherwise scammed — by an email that may have malware already installed.

Spot It:

  • You receive a text, email, or instant message from a trusted source that asks for login credentials or other personal information.
  • You receive a text, email, or instant message from a trusted source with a link or an attachment you were not expecting.
  • You receive an unexpected text, email, or instant message offering an opportunity after you clicked on a message from a trusted source and provide personal information.

Stop It: 

  • Never share your passwords or login credentials with anyone who contacts you.
  • Never click on unsolicited links, open unexpected attachments, or trust the contents of a communication without verbally verifying the authenticity with the sender through a different mode of communication, like a telephone call or in-person conversation.

To report a scam, file a complaint, or get additional information, contact the Michigan Attorney General:

Phone: 517-335-7599
Fax: 517-241-3771
Consumer Protection Division
P.O. Box 30213
Lansing, MI 48909