It’s no coincidence that phishing sounds a lot like fishing. In the sport of fishing, an angler rigs up some bait and keeps casting into a pond in an attempt to hook unsuspecting prey that he can later feed off of.

The more sinister world of phishing works much the same, except the bait shows up on your computer or smartphone and you’re the unsuspecting prey. Here are five frequently asked questions about phishing that can help you better protect yourself.

  1. What is phishing?

    Phishing is a form of cybercrime. Scammers use any combination of electronic communications (robocalls, emails, instant messages, text messages and imitation websites) to trick you into sharing your personal, sensitive information – information the scammer then uses to commit online and financial fraud.

  2. What kind of information do they want?

    Scammers look for anything they can use to either impersonate you or access your existing accounts. It can be as basic as getting you to give up your current address, date of birth or streaming service login ID. It can be as serious as nabbing your Social Security Number or passwords for your bank account, credit cards and online payment apps.

  3. Do people really fall for that?

    Phishing attacks can be very convincing.

    • Scammers design emails and copycat websites with legitimate company logos and colors so they look like they’re from a bank, social networking site, software company or online retailer you may have a relationship with.
    • They’ll spoof (or imitate) sender information and create fake URLs close to the real web addresses – often off by just one letter or with an additional word, like “inc” or “services” – to make messages appear genuine.
    • While many phishing scams cast a wide net, some directly target individuals by using additional, personalized information obtained online. Known as spear phishing, these communications can seem even more credible because they may appear to come from an executive at your employer (gathered from your professional profile and the company website) or may include details about a recent purchase you made (obtained from your social media posts).
    • Phishing attacks typically include a sense of urgency to attempt to get you to respond quickly and without thinking. For example, a message might say your service will be canceled in 24 hours if your payment method isn’t updated.
    • Scammers can also trick you into opening an email attachment or clicking on a web banner that downloads malware, or malicious software, to your device. This software then allows them to download files, like financial statements, from your hard drive or track your keystrokes to decipher your passwords.
  4. How can I protect myself?

    Don’t take the bait if something seems off or too good to be true. Be suspicious. Think before you act. And follow some best practices:

    • Look for obvious signs of a fake, including poor grammar and spelling, suspicious sender information, a generic greeting instead of your name and unexpected attachments.
    • Verify any requests for your information by contacting the company or the individual directly – using a phone number or URL that you know is real, maybe even from your account statement.
    • Avoid clicking on links in text messages and emails. On your computer, make it a practice to hover your cursor over any link to view the destination URL before you click.
    • Check email addresses. Some phishing messages appear to come from a known company, with the sender’s name visible but the email address hidden. Simply hover your cursor to expand the address and easily determine if it’s legitimate or not.
    • Make sure the website you’re on is secure. You’ll see “https” at the beginning of the URL and a closed padlock icon.
    • Have different passwords for every account or use a password manager.
    • Keep your spam filter, antivirus software, browser version and smartphone operating system up-to-date.
    • Check your online accounts regularly. Look for activity that you didn’t initiate.
  5. Can I do anything to stop it?

    Cybercriminals are relentless. So it’s unlikely that you’ll stop all incoming phishing attacks. But information you provide about messages you receive may help thwart scammers in the future:

    • Alert the Federal Trade Commission Anti-Phishing Working Group by forwarding suspicious emails to reportphishing@apwg.org.
    • If you receive a suspicious message that appears to come from Key, do not respond. Instead, forward the message to reportphish@keybank.com, then delete the message from your mailbox.
    • Copy and send unwanted text messages to SPAM (7726). It’s free with most major wireless carriers.

The information and recommendations contained here have been compiled from sources believed to be reliable and represent the best current opinion on the subject. No warranty, express or implied by KeyBank, is made as to the absolute correctness or sufficiency of the information contained. This is meant as general information only; particular situations may require additional actions.

This document is designed to provide general information only and is not comprehensive nor is it legal advice. If legal advice or other expert assistance is required, the services of a competent professional should be sought. KeyBank does not make any warranties regarding the results obtained from the use of this information.