How to protect your personal information online

How to protect your personal information online

Your email inbox may sometimes be flooded with offers from online retailers promoting sales, coupons and special deals. Unfortunately, some of these messages may actually be instances of phishing.

What’s phishing? It’s when hackers send emails or text messages pretending to be from reputable companies in order to trick you into giving them what they want—typically, your personal information—like passwords or credit card numbers.

Some Internet scams are targeting seniors.1 Scammers want to catch you with your guard down and get you to offer up your personal, protected information. To protect yourself from phishing, it’s important to learn the common forms, ways to spot a phishing message and how to report phishing scams.

What are the most common forms of phishing?

  • Emails or text messages claiming to be from a legitimate retailer, shipper, bank, organization or government agency. The sender may ask you to confirm your personal information for a phony reason (e.g., an order has been placed in your name, your account is about to be closed, or your information has been lost because of a computer problem).
  • Requests for charitable donations. There are many fake charities that have legitimate sounding names, so thoroughly research charities before donating. The Federal Trade Commission has a helpful Charity Checklist , opens new window for this reason.
  • IRS and tax-related emails. These emails may reference unpaid taxes or a potential audit but are often a scam. The Internal Revenue Service (IRS) website states that it “does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.”2

Phishing could happen to anyone. If you receive a phishing email, report it. Below are some great resources and steps to report phishing emails.

  • Forward phishing emails to the Federal Trade Commission at – and to the organization impersonated in the email. Your report is most effective when you include the full email header, but most email programs hide this information.
  • File a report with the Federal Trade Commission at , opens new window.
  • You can also report phishing email to The Anti-Phishing Working Group – which includes internet service providers, security vendors, financial institutions and law enforcement agencies – uses these reports to fight phishing.