Fake Email or “Phishing”

What is "Phishing"?

Scammers use fake emails, also called phishing, brand spoofing or carding, to “fish” for information.

These fake messages can look real, but link to fake websites. The website may look like a trusted, well-known company, too, but it's all a trick to get your information - such as Social Security number or bank and credit card account numbers.

A more aggressive fake email may invade your computer with malicious software (malware) or a virus as soon as you open the email.

What to Look For

Check these warning signs when you are not sure of an email:

• Urgency: Phishing emails often need an immediate response or action.
• Your name/email is not in the “to” field: Scammers send out thousands of phishing emails, hoping someone will bite.
• Asks for sensitive or banking information: A real bank would never ask for your Social Security number, bank account information or your PIN in an email.
• Uses a public internet account: If the email is from a public account, such as Yahoo or Gmail, but claims to be from your bank or other business, do not trust the email.
• Is not a secure site: The website will be missing the lock symbol at the bottom of the screen and will not include an “s” after “http” in the web address.
• Incorrect URL: Check to make sure the site address is accurate. Crooks may create a fake website with a slight misspelling in the business name to catch you.
• Poor spelling and grammar: Cybercriminals often don’t catch spelling errors in an email.
• All caps: Scammers often use capital letters to get your attention.
• Displays low resolution images: Scammers usually build fake sites quickly using forged company logos, signatures and styles, and this shows in the lower quality of the sites.
• Includes small pieces of your personal information: Some personal information may be included. This is typically general information the scammers got from another source.

How to Help Protect Yourself

• Use common sense. Read emails carefully, checking to make sure you know the sender.
• Only open emails from a sender you know and trust. This goes for attachments and links, too.
• Go directly to a company's published website if asked to fill out information. Do not use a link provided in an email.
• Double check the message: Look for false “from” and “subject” lines, spelling errors and grammar mistakes.
• Ensure that a website is secure by checking to see whether there is an "s" after the http in the address (https://) and a lock icon at the bottom of the screen - both are indicators that the site is secure. Never enter payment information on a site that isn't secure.
• Be vigilant. Monitor your bank and credit card statements for any suspicious charges or transfers. If you see unauthorized payments on your credit card or bank account, you will need to contact the bank or the financial institution to have them reverse the unauthorized charge to your account.

If you wonder whether an email is legitimate, contact the company named in the email by using a phone number or email you found through a trusted source. Most companies do not ask customers for information through email.

If you think a caller is trying to scam you, hang up. If you get a suspicious email or text, do not reply. If you suspect you are a target of fraud on your AT&T mobile phone account, you can report it to our Fraud team here. If you suspect fraud on another account, call the customer service number on your bill for help. You can also forward an email to the Anti Phishing Working Group or report it to the FTC.

Then, delete the email immediately and do not open any attachments. AT&T Internet Services makes every effort to block fraudulent messages from reaching our customers, and we will continue working diligently to ensure that your experience with us is both safe and enjoyable.

For tips on how to protect businesses from phishing, visit the Cybersecurity for Business page.