7 Common Phishing Scams To Avoid

May 20, 2025 Safety & Security

Staying safe from phishing scams isn’t always easy. Learn how to recognize the tactics fraudsters use so you can spot and avoid their most common schemes.

An older man looking at an open laptop, he is holding a pair of glasses in his hand.

Remember, A+FCU will never email, call, or text you to request your online banking password, debit card number, PIN, security access code, or to restore account access. We also won’t send texts requesting you click a link to update your contact information. Fraudsters can disguise their communications to appear as if they’re from a trusted source even showing a company logo. If you receive a suspicious email, call, or text, DO NOT respond – instead, contact us directly at 512.302.6800. If you believe you may have been a victim of fraud, please notify us immediately.

“Account Compromised” is the subject line to an email that appears to be from your financial institution. You log on to your account only to see that everything is as it should be. You review the email once more. It’s being sent from a different sender and has misspelled words. It’s not even specifically addressed to you.

This is an example of phishing, the process of attempting to trick people into divulging personal information by appearing to be a legitimate source. Avoiding scams, though, isn’t always as simple as ignoring an email, call, or text. Fraudsters gain access to information in a number of ways.

Common Phishing Scams

Email Phishing

This is the most common type of phishing scam and involves attackers creating phony emails that look nearly identical to a legitimate one. They may say something along the lines of “Your account has been suspended. Click here to restore access.” or “Confirm your contact information to avoid missing important updates or alerts.” The goal is to trick you into clicking the link, giving the fraudster access to steal your personal information or install malware.

Common red flags to look out for are a generic greeting (like “Dear Customer”), poor grammar, spelling errors, and urgent or threatening language. To stay safe, never click on suspicious links. Instead, open a new browser window and go directly to the company’s official website to verify any claims.

Smishing

Smishing is a form of phishing that uses text messages to deceive recipients. These messages often appear to come from trusted sources – such as your financial institution or the IRS – and are designed to create panic or a sense of urgency.

Examples include texts like, “We noticed a suspicious transaction on your account. Please verify immediately.” or “You have unpaid tolls. Pay now to avoid fines or legal action.” Others may reference a delivery update or claim you’ve won a prize. If you click on the link, scammers will steal whatever personal or financial information they can.

Vishing

Vishing, or voice phishing, is a phone scam where fraudsters pose as legitimate organizations to pressure individuals into revealing sensitive information. These callers often use intimidation or urgency – for instance, claiming to be from your financial institution’s collection department, stating you owe a debt that must be resolved immediately. To gain your trust, they may reference personal details obtained elsewhere before asking you to verify sensitive information or even request a money transfer.

To protect yourself, stay calm, don’t respond under pressure, and never share personal or financial information with unsolicited callers. Instead, hang up and contact the organization directly using the phone number from their official website. A legitimate business will always understand your need to verify the call.

Outsmart Sophisticated Phishing

Can you spot a phishing email, text, or phone call? Stay on top of the latest tips for identifying phishing to protect your money and personal info from scammers.

Learn More

Phone Spoofing

Have you been getting calls from numbers that look familiar – or even appear to be coming from a business or organization you trust? You may be experiencing phone spoofing, a tactic scammers use to disguise their real number and make it look like a call is coming from a local or recognizable source.

A helpful rule of thumb: if you don’t recognize the number, let it go to voicemail. Most legitimate callers will leave a message if it’s important. Answering unknown calls can signal to robocallers that your number is active, which may lead to even more unwanted calls.

If you do answer, avoid responding to yes or no questions. Your voice may be recorded and misused down the road. It’s also important to never giveaway any personal information – if the call is truly from a legitimate source, they should already have your details.

Think someone important may be calling you – like a doctor, financial institution, or government office? Hang up and contact them directly using a verified phone number you’ve looked up on their official website.

To help reduce the amount of scam calls you receive and screen for fraudulent callers, register your phone number on the National Do Not Call Registry.

Phony Websites

Clicking on unfamiliar links can lead you to fraudulent websites designed to mimic legitimate ones. These fake sites may prompt you to log in, enter payment details, or provide other sensitive information. In some cases, simply visiting the site can trigger spyware downloads, allowing hackers to monitor your activity and collect personal information without your knowledge.

First and foremost, avoid clicking on links from unknown sources, especially in unsolicited emails or texts. Whenever possible, navigate directly to a website by typing the URL into your browser. It’s also a good idea to always check that the web address begins with “https://”, which indicates that the site uses encryption to protect your data. Another sign you’re on a more secure site is a padlock icon next to the URL – though it’s not a guarantee the site it safe, it’s an added layer of protection.

Wi-Fi Networks

While convenient, public Wi-Fi networks – like those in airports, coffee shops, or hotels – pose significant security risks. Because these networks are often unencrypted and widely accessible, hackers can easily intercept data you transmit, including usernames, passwords, financial information, and more. Some attackers may even set up fake Wi-Fi hotspots that look legitimate to trick users into connecting.

Refrain from logging into financial accounts, social media platforms, or any service containing personal or financial data while on public Wi-Fi. Instead, limit your activity to low-risk tasks like reading the news or streaming videos. If you must access sensitive information on the go, use a virtual private network (VPN) to encrypt your connection, and ensure websites you visit begin with “https://” for added security.

Tab Nabbing

This is a lesser-known phishing technique where cybercriminals take advantage of idle browser tabs. If you’ve ever stepped away from your computer and returned to find a website asking you to log in again, you might assume it simply timed out. However, hackers can exploit that inactivity by redirecting the open tab to a fake version of the original site. If you re-enter your credentials on this altered page, your sensitive information could be stolen.

If you’re asked to log in again, close the tab and manually reopen the site in a new browser to ensure you’re accessing the legitimate page.

Summary

If you suspect you’ve fallen victim to a phishing scam, act quickly. Contact your financial institution right away to secure your accounts and prevent further unauthorized activity. Then, visit identitytheft.gov to report the incident and follow step-by-step recovery guidance tailored to your situation – including how to monitor your credit, place fraud alerts, and report identity theft to the appropriate agencies.