Avoiding phishing scams

Phishing is defined as a scammer using fraudulent emails or texts, or copycat websites to get you to share valuable personal information, such as account numbers, Social Security Numbers, or your login IDs and passwords. Scammers use the information to steal money or identity or both.

Scammers also use phishing emails to get access to a computer or network; then they install programs like ransomware that can lock you out of important files on the computer.

Phishing scammers lure their targets into a false sense of security by spoofing the familiar, trusted logos of established, legitimate companies. Or they pretend to be a friend or family member.

Phishing scammers make it seem like they need the information or someone else's quickly or something bad will happen. They might say your account will be frozen, you'll fail to get a tax refund, the boss will get mad, even that a family member will be hurt or you could be arrested. They tell lies to get you to give them information.

  • Be cautious about opening attachments or clicking on links in emails. Even a friend or family member's accounts could be hacked. Files and links can contain malware that can weaken a computer's security.
  • Do your own typing. If a company or organization you know sends you a link or phone number, do not click. Use a favorite search engine to look up the website or phone number yourself. Even though a link or phone number in an email may look like the real deal, scammers can hide the true destination.
  • Make the call if you are not sure. Do not respond to any emails that request personal or financial information. Phishers use pressure tactics and prey on fear. If you think a company, friend, or family member really does need personal information from you, pick up the phone and call them yourself using the number on their website or in your address book, not the one in the email.
  • Turn on two-factor authentication. For accounts that support it, two-factor authentication requires both your password and an additional piece of information to login to your account. The second piece could be a code sent to your phone or a random number generated by an app or a token. This protects your account even if your password is compromised.
  • As an extra precaution, you may want to choose more than one type of second authentication (e.g., a PIN) in case your primary method (such as a phone) is unavailable.
  • Back up your files to an external hard drive or cloud storage. Back up your files regularly to protect yourself against viruses or a ransomware attack.
  • Report phishing emails and texts. Forward phishing emails to and to the organization impersonated in the email. The report is most effective when the full email header is included, but most email programs hide this information. To ensure the header is included, search the name of your email service with "full email header" in a search engine.

Keep your security up to date. Use security software you trust, and make sure you set it to update automatically. If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. Visit

Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.

Copyright ©2018, ISO Services Properties, Inc.

This material is provided for informational purposes only and does not provide any coverage or guarantee loss prevention. The examples in this material are provided as hypothetical and for illustration purposes only. The Hanover Insurance Company and its affiliates and subsidiaries (“The Hanover”) specifically disclaim any warranty or representation that acceptance of any recommendations contained herein will make any premises, or operation safe or in compliance with any law or regulation.  By providing this information to you, The Hanover does not assume (and specifically disclaims) any duty, undertaking or responsibility to you.  The decision to accept or implement any recommendation(s) or advice contained in this material must be made by you.

LC JAN 2019 10-180H
171-0913 (12/18)