Phishing scams aim to acquire valuable personal and financial data, such as your Social Security number, credit card details or passwords for online accounts, and to steal your identity, your money or both. They are mostly associated with email but can come in many forms, including social media messages, pop-up ads, “vishing” (voice phishing by phone), “smishing” (phishing by text message) and “pharming” (drawing victims to bogus websites).
By digital-age standards, it’s an old-school tool, dating to the mid-1990s, but phishing continues to grow in use and sophistication. The FBI’s latest Internet Crimes Report cites 300,497 reports of phishing-related crimes, resulting in a total loss of more than $52 million, in 2022 (though scams are notoriously underreported, so the actual numbers are likely to be far higher).
The scam often relies on impersonation, and phishers can be very good at it. They sound authoritative on the phone, change caller IDs to show a real corporate or government number, and use well-known logos to make their emails and websites look genuine.
They bait the hook by promising goodies — free products or services, a big lottery prize, a government grant — or threatening legal or financial harm over a supposed unpaid tax or utility bill, for example. You might get a call or an official-looking email from your bank or from a tech company like Apple or Netflix, claiming that there’s a problem with your account.
Another common version: fake package delivery messages, seemingly from the U.S. Postal Service, FedEx or UPS, warning about some sort of delivery problem.