Skip to main content

Phishing Scams

Phishing Scams

Phishing attempts happen both by email and text and target everyone. No one is immune. Even staff within the Department of Attorney General are regularly subjected to a variety of phishing email scams.  

Phishing emails and texts use believable stories or connections to engage the recipient and trigger a quick response. The goal is to obtain financial or personal information to commit fraud.

Signs of a phishing email.

  • Requiring urgent action and may be threatening or demanding.
  • Use of poor grammar and spelling mistakes.
  • Subject line includes an unfamiliar, generic, or no greeting at all.
  • Impersonator email addresses where the domain name does not match the hyperlink.
  • Includes unsolicited attachments or links.
  • Requests for login credentials, payment information, or sensitive data.
  • Includes offers too good to be true.   

Signs of a phishing text.

  • The text message is unsolicited.
  • The text sender has a long phone number (10 or more digits).
  • Includes a link that is likely shortened or scrambled.
  • Written with a sense of urgency.
  • Contains grammatical and spelling errors.
  • Promises of a reward or prize if you respond or click a link.
  • Requests for personal or financial information.
  Three Phishing Scam text message examples, first left side text from DMV, second right side text from FedEx, and third bottom text from ATT.

Do not reply to suspicious emails or texts. Do not click on links or attachments.  Instead, use your email spam filter to keep most phishing emails out of your inbox. Use built-in spam-blocking tools on your mobile device.  

Report phishing emails to the Anti-Phishing Working Group.

Report phishing texts by forwarding it to SPAM (7726).  

Report both phishing emails and texts to the Federal Trade Commission.

What is Phishing?

A cyberattack where a criminal poses as a trusted person/organization to trick potential victims into sharing sensitive data or sending money.

Here are a few ways to go Phishing.

  • Angler Phishing: Fake social media posts to get people to provide login information or to download malware.
  • Catphishing: Phishing with a romantic twist. Providing fake names and personal details, con artists gain trust through friendship and romance to trick victims into sending money or sensitive information.
  • Cloning: A cyberattack using replicates of a legitimate email address to spread malware.
  • Image: An email phishing attack using images to trick users into clicking on malicious links.
  • Pop-Up: The use of a pop-up about a problem with your computer's security or other issue to trick you into clicking. 
  • Smishing: Uses text messages or short message service (SMS).
  • Vishing: Making phone calls claiming to be from a reputable company to obtain sensitive data.
  • Website Spoofing: Fake websites that look legitimate but are used to collect personal data when logging in.