
Phishing


Phishing scams aim to acquire valuable personal and financial data, such as your Social Security number, credit card details or passwords for online accounts, and to steal your identity, your money or both. They are mostly associated with email but can come in many forms, including social media messages, pop-up ads, “vishing” (voice phishing by phone), “smishing” (phishing by text message) and “pharming” (drawing victims to bogus websites).

By digital-age standards, it’s an old-school tool, dating to the mid-1990s, but phishing continues to grow in use and sophistication. The FBI’s latest Internet Crime Report cites 300,497 reports of phishing-related crimes, resulting in a total loss of more than $52 million, in 2022 (though scams are notoriously underreported, so the actual numbers are likely to be far higher).

The scam often relies on impersonation, and phishers can be very good at it. They sound authoritative on the phone, change caller IDs to show a real corporate or government number, and use well-known logos to make their emails and websites look genuine.

They bait the hook by promising goodies — free products or services, a big lottery prize, a government grant — or threatening legal or financial harm over a supposed unpaid tax or utility bill, for example. You might get a call or an official-looking email from your bank or from a tech company like Apple or Netflix, claiming that there’s a problem with your account.

Another common version: fake package delivery messages, seemingly from the U.S. Postal Service, FedEx or UPS, warning about some sort of delivery problem.


Have you seen this scam?

  • Call the AARP Fraud Watch Network Helpline at 877-908-3360 or report it with the AARP Scam Tracking Map.  
  • Get Watchdog Alerts for tips on avoiding such scams.

Some scammers hack accounts and gather personal details on victims to launch highly targeted attacks, a practice called spear-phishing. Global crime gangs use phishing emails to penetrate companies’ computer networks or convince employees to pay phony invoices.

Wherever their apparent source, phishing messages feign urgency (act now or you’ll risk arrest/have your account frozen/miss out on this special offer). You’ll be asked to quickly provide or “confirm” key pieces of personal or business information or be directed to click on a link, which might launch malware that harvests data from your computer or ransomware that takes over the machine and locks you out.

Take these precautions to help spot phishers and avoid their scams.

Warning signs

Emails that contain one or more of the following:

  • Offers of free products or services, supercheap travel deals, or a sweepstakes prize or other financial windfall
  • Vague or generic language, such as “payment issue,” to describe a problem with an account or purchase
  • Threats of dire consequences, such as legal action or an account being frozen, if you don’t act immediately
  • Requests that you click a link, open an attachment, or reply with personal or financial information to take advantage of an offer or to resolve a problem
  • Multiple spelling and grammar errors — many phishing scams originate abroad
  • Pop-ups on your computer or mobile device that warn of viruses, promise a prize or redirect you automatically to another site
  • Unsolicited messages that claim to be from a government agency, public utility, bank or major company

How to protect yourself from this scam

  • Check the “From” address. If an email says it’s from Apple or Bank of America but comes from, say, a Gmail account or an address with a foreign domain, it’s phony.
  • Hover your mouse over links in suspicious emails to reveal the true destination. Pasting the URL into a safety checker such as VirusTotal or Google Safe Browsing can tell you if it presents a phishing or malware risk.
  • Use antivirus software and keep it up to date. Activate firewalls and other settings that block malicious files.
  • Vary the passwords on your online accounts, which can minimize the damage if you are phished or hacked. Change passwords immediately if you suspect a breach.
  • Don’t give out personal or financial data such as your Social Security number or account numbers in response to an email or an unsolicited call. A company or government office contacting you on legitimate business will not ask you for such information.
  • Never click on a link or open an attachment unless you are certain the email comes from a trusted source. To check whether a business or government agency is really trying to contact you, use its legitimate customer-service email or hotline, which you can find online or on account statements.

More resources

  • Forward phishing emails to the FTC at reportphishing@apwg.org and to the business or organization the sender claims to represent. Many companies have dedicated email addresses to report phishing, which you can find online.
  • If you are the victim of a phishing scam, file a complaint with the FTC (online or at 877-382-4357) and visit the agency’s identitytheft.gov site for tips on how to limit and repair the damage.
  • You can also report phishing emails to the FBI’s Internet Crime Complaint Center at www.ic3.gov.
