How to Protect Yourself from a Phishing Scam

Scammers launch thousands of phishing attacks like these every day — and they’re often successful

By Johnson Financial Group

We offer banking, wealth and insurance, using a team approach to provide our personal and business clients with responsive service and comprehensive solutions for their unique financial needs. Partner Content

Scammers use email or text messages to try to steal your passwords, account numbers, or social security numbers. If they get your information, they could gain access to your email, bank, or other accounts. Or, they could sell your information to other scammers. Scammers launch thousands of phishing attacks like these every day — and they’re often successful.

Scammers often update their tactics to keep up with the latest news or trends, but here are some common tactics used in phishing emails or text messages. A scammer might:

  • Say they’ve noticed some suspicious activity or log-in attempts 
  • Claim there’s a problem with your account or your payment information 
  • Say you need to confirm some personal or financial information 
  • Include an invoice you don’t recognize 
  • Ask you to click on a suspicious link to make a payment
  • Say you’re eligible to register for a government refund
  • Offer a coupon for free stuff

Phishing scams can happen via email, text, phone or person-to-person payment apps and often have real consequences for people who give scammers their information, including identity theft.

Remember banks will never ask for your PIN, password, social security number or one-time passcode.

Stay on guard with these tips

  • Be wary of unexpected text messages or phone calls
  • Never give out your PIN, password, social security number, or one-time passcode
  • Watch for misspelled words
  • Don’t click on suspicious links or attachments
  • Be aware of scare tactics 
  • Don’t respond to a request to send money to yourself or individuals you don’t know with person-to-person payment apps like Zelle, Venmo, etc. 
  • Protect your computer or cell phone by ensuring you have the most up-to-date security and software updates 
  • Use multifactor authentication which requires two or more credentials to log in to your accounts. Multifactor authentication makes it harder for scammers to log in to your accounts if they do get your username or password. Please remember, never share your authentication or one-time passcodes with anyone.

What should you do if you suspect a phishing attack?

If you receive an email or a text message asking you to click on a link or open an attachment, answer this question:

Do I have an account with the company or know the person who contacted me?

If the answer is “No,” it could be a phishing scam.

If the answer is “Yes,” contact the bank or company using  their real contact information from a website, statement or the back of a card — not the information from the message. Scammers may spoof or mimic a bank or company’s information to make it appear like the message is coming from a trusted contact.

If you think a scammer has your information, like your social security number, credit card, or bank account number, contact us immediately at 888.769.3796. The Federal Trade Commission also offers steps you can take based on the information you lost at

For additional tips on keeping your information safe, visit our Security Tips or contact your advisor.