Phishing and Smishing: How to Avoid Email or Text Scams

By ,  Caitlin Turner-Lafving, Elder & Disability Law Clinic Student, Spring 2021

As more consumers around the world trade in flip phones for smartphones, internet-related crimes and scams are becoming more common. In 2019, the FBI’s Internet Crime Complaint Center received the highest number of complaints and highest reported dollar losses since the center was established in 2000.[1] One of the most frequently reported complaints in 2019 involved phishing, which is when scammers send emails or text messages intended to trick victims into sending money or revealing their personal information.[2] Because phishing is becoming a more popular scamming technique, it is important to know how to recognize it.


Email Phishing


Phishing emails are designed to trick you into giving away your personal information, such as passwords, account numbers, and Social Security numbers. Scammers try to make recipients believe the email is from a legitimate company by using a company’s name and logo. Often, they disguise themselves as banks, credit card companies, online payment websites, social media sites, or online stores.[3] They may also impersonate a friend, family member, or colleague.


To trick recipients into providing personal information or clicking on a link, the email may allege some suspicious activity or log-in attempts on your account, claim there is a problem with your account or payment, ask you to confirm some personal information, ask you for a payment, say you are eligible for a government grant, or say you have won free products or a lottery prize.[4] Many of these emails have the following common characteristics: a generic greeting (“Dear customer”), vague language about a “payment issue” or some problem with your account, appeals for you to take immediate action or risk serious consequences (legal action, freeze on your account, etc.), spelling and grammar errors, and a direction for you to click a link, open an attachment, or reply with your personal information.[5]


SMS Phishing / “Smishing”


SMS phishing, or “smishing,” are scams sent by text message. Smishing messages are very similar to email phishing messages. They typically contain similar vague language, convey a sense of urgency, and attempt to trick recipients into clinking on a link or providing personal information. They may offer free prizes, low or no interest credit cards, help paying off student loans, allege suspicious activity on your account, or claim there is a billing problem on your account.[6] Recently, due to increased online shopping during the COVID-19 pandemic, fake package delivery notifications have emerged as a popular smishing scam. Posing as carriers such as UPS, FedEx, and the USPS, the texts often inform recipients of some fake overdue package or request confirmation of delivery preferences for a fake package.[7]


What to Do if You Receive Phishing or Smishing Messages


If you receive a suspicious email or text, do not provide any personal information or click on the link. Some of these links may lead to a fake website that allows scammers to steal your username and password when you attempt to log in, while others may install malware on your computer or phone that steals your information without your knowledge.[8] Instead, question whether you have an account with the company, whether you actually ordered a package, or whether you know the person contacting you. Verify everything the email or text says externally. If you are contacted about an issue with Bank of America and you have a Bank of America account, contact the company by phone number or by separately accessing the company’s legitimate website. If you did order a package, verify your order and track your package on the company’s legitimate website.


If you determine that the email or text you received is a scam, report it. You can forward phishing emails to the Federal Trade Commission’s Anti-Phishing Working Group at Your text messaging app may have an option to report smishing as junk or spam. You can also copy a smishing message and forward it to the FTC at 7726 (SPAM)[9], but be careful to avoid clicking on any link in the message when copying. You can also report a phishing attack to the FTC at