The web Browser you are currently using is unsupported, and some features of this site may not work as intended. Please update to a modern browser such as Chrome, Firefox or Edge to experience all features Michigan.gov has to offer.
Spotlight On: Phishing
One of the most common cyber attacks that Michigan residents experience is phishing. While this type of digital threat is not new, phishing campaigns are continuing to increase in their frequency and sophistication. They have also become important parts of other cyber crimes, such as ransomware attacks.
Don’t get hooked. Protect yourself by learning more about phishing and what resources the State of Michigan offers to help combat and respond to phishing attempts.
What is a phishing scam?
Phishing scams are attempts by criminals and other malicious individuals to trick users into giving up sensitive information, using:
- Text messages
- Apps (including messaging)
- Social media
- Phone calls
A successful phishing attempt can result in compromised online accounts, from email and social media to bank accounts. Recovering from a successful phishing attack can take a great deal of time and effort, and compromised accounts are often used to target victims’ friends and family.
What happens during a phishing scam?
During a phishing attempt, you may receive a communication that:
- Appears to come from a familiar contact, such as a family member, a friend, or a business or organization that you interact with frequently. A scammer may have even personalized their message with information about you from social media to trick you into thinking the sender is someone you know.
- Looks official or branded with logos and other formatting. Scammers also use spoofing and URL shorteners to make a link look less suspicious.
- Urges you to act immediately. Messages that have legal, financial, occupational, or health-related ramifications will no doubt capture your attention. Phishing scammers use urgency to get you to act without thinking.
What should I do if I receive a phishing message?
If you suspect that you are part of a phishing scam, trust your instincts.
- If the message doesn’t feel right, don’t act on it. Don’t share personal information, especially financial account numbers.
- For email and text messages, mark the source as spam and block the sender to avoid similar scams in the future. Then, delete the email or text message.
- If you believe a phone call is a phishing scam, do not engage with the caller. Simply hang up.
If you aren’t sure about a message or call that seems urgent being a phishing attempt:
- Wait before you act. Sometimes, closing the email or text for a moment or putting the call on hold gives you a moment to get a better perspective on the issue.
- Investigate. Preview any links in an email by hovering your cursor over the web address or a text by pressing and holding the link.
- Reach out. For callers, look up the main contact number for the organization and call them back to verify the call was real.
What services does the state of Michigan offer residents to help with phishing?
First, protect yourself with Michigan Secure. This free mobile device protection app available to Michigan residents warns you when suspicious activity, such as a malicious app, or a questionable link, is detected on your device. Best of all, Michigan Secure protects your mobile device without collecting or transmitting your personal information.
If you would like details on recent phishing scams, visit the State of Michigan Attorney General’s Consumer Alerts site. If you believe that you may be the victim of a phishing scam, complete the Michigan Attorney General Consumer Complaint Form.
If you suspect that your business or organization may have been the victim of a large-scale phishing activity, contact the Michigan State Police’s Michigan Cyber Command Center (MC3) by calling 1-877-MI-CYBER or emailing MC3@michigan.gov.