Skip to main content

Protecting Your Business

Phishing Attack Prevention

How to Identify and Avoid Phishing Scams

Internet pirates steal personal, financial, and business information with a type of internet piracy called phishing. Pronounced "fishing," these thieves are fishing for personal and financial information.

What is a Phishing Attack?

A phishing attack is a scam that attempts to steal your information. It typically takes the form of fraudulent email or text messages that appear to have originated from a legitimate source. Phishing messages will usually direct you to a spoofed website or trick the receiver into divulging personal information like account passwords, credit card information, FEIN, or social security numbers.

Other Popular Terms

Some other terms you most likely have heard related to these attacks are:

"Smishing" - A phishing scam carried out by text messaging.

"Vishing" - A phishing scam carried out via a telephone call.

Both terms are variations of the term "phishing." The "sm" in smishing stands for SMS (short message service), which is a text message using SMS. The "V" in vishing stands for “voice” since phone calls are typically by voice or voice message.

How Phishing Works

You Get an Email, Voice, or Text Message

These messages appear to be from someone you know, a reputable company, or an organization you recognize and do business with. The message may then direct you to click a link or instruct you to divulge your password, bank account, or other sensitive information.

It's Urgent

The message pressures you to act now. These messages usually warn of a serious problem that requires immediate attention. They may use phrases such as "Immediate attention required" or "Please contact us immediately about your account." The email will then encourage you to click a button to visit the institution's website.

The Communication Looks Real

It’s easy to spoof logos and make up fake email addresses. Scammers use familiar company names or pretend to be someone you know. In a phishing scam, you could be redirected to a phony website that may look exactly like the real thing. 

What Happens Next?

If you click on a link or visit a phony site created through phishing, scammers can install ransomware or other programs that lock you out of your data and spread it to the entire company network. If you share passwords, scammers now have access to all those accounts. Phishing attacks can damage your financial history, ruin your personal reputation, and wreak havoc on your business. Understanding how phishing works and how to protect yourself can help you or your business from becoming victims of this crime.

Preventative Measures: What You Can Do

Before you click on a link or share any of your sensitive business information:

Stay Vigilant 

Be wary of communications with misspellings, altered website URLs, or strange email addresses. Additionally, be cautious of requests that seem unusual or beyond the scope of a normal business interaction you would have with that organization.

Talk to Someone

Talking to a colleague might help determine if the request is real or a phishing attempt.

Do Your Own Search

Look up the website or phone number of the company or person behind the text or email. Make sure that you’re getting the real company and not about to download malware or talk to a scammer.

If you’re not sure about the validity of the communication, always call before responding.

Use a number you know to be correct - not the number in the email or text message you received. Check prior communications for contact information and speak to a known representative of this organization that you can confirm. If you cannot access these communications, check the company’s website for a contact. In any case, you should be the one to initiate the communication using phone numbers or email addresses that you have verified yourself. 

What To Do If You Fall Victim

If you have been the victim of identity theft or believe your personal or financial information may have been compromised:

  • Contact your financial institution immediately and alert them of the situation.
  • If you have disclosed sensitive information in a phishing attack, you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name or your business name.
  • You can report the incident to the Illinois Attorney General's Identity Theft Hotline at 1-866-999-5630 (7-1-1 relay service) or visit their Consumer Protection webpage at https://www.illinoisattorneygeneral.gov/consumer-protection/identity-theft/.
  • If you believe your business or clients are victims of identity theft, you may report it to the Illinois Department of Revenue at REV.IdentityTheftAffidavit@Illinois.gov.
  • Report all suspicious contacts to the Federal Trade Commission or by calling 1-877-IDTHEFT.
  • Call us at 1-312-814-1054 or 1-800-356-9206 to validate communications from the Commission on Equity and Inclusion, The Business Enterprise Program, or the Veterans Business Program.