AARP Eye Center
Phishing scams aim to acquire valuable personal and financial data, such as your Social Security number, credit card details or passwords for online accounts, to steal your identity, your money or both. They are mostly associated with email but can come in many forms, including social media messages, pop-up ads, “vishing” (voice phishing by phone), “smishing” (phishing by text message) and “pharming” (drawing victims to bogus websites).
By digital-age standards, it’s an old-school tool, dating to the mid-1990s, but phishing continues to grow in use and sophistication — and to respond to current events. The COVID-19 pandemic unleashed a bevy of fresh campaigns built around issues such as stimulus checks, vaccines and unproven treatments. The Internal Revenue Service, which disburses pandemic relief payments, said that in June and July 2021 reported phishing attempts "reached levels we haven't seen in more than a decade."
The scam often relies on impersonation, and phishers can be very good at it. They sound authoritative on the phone, trick caller IDs into showing a real corporate or government number and use well-known logos to make their emails and websites look genuine.
They bait the hook by promising goodies — free products or services, a big lottery prize, a government grant — or threatening legal or financial harm over a supposed unpaid tax or utility bill, for example. You might get a call or an official-looking email from your bank or from a tech company like Apple or Netflix, claiming a problem with your account.
You might even get a phishing email that appears to come from a family member, friend or work colleague. Some scammers hack accounts and gather personal details on victims to launch highly targeted attacks, a practice called spear-phishing. Global crime gangs use phishing emails in widespread business swindles to penetrate companies’ computer networks or trick employees into paying phony invoices.
Wherever their apparent source, phishing messages feign urgency (act now or you’ll risk arrest/have your account frozen/miss out on this special offer). You’ll be asked to quickly provide or “confirm” key pieces of personal or business information or be directed to click on a link, which might launch malware that harvests data from your computer or ransomware that takes over the machine and locks you out.