Skip to main content
Phishing Scams

Phishing Scams

What is Phishing?

A cyberattack where a criminal poses as a trusted person/organization to trick potential victims into sharing sensitive data or sending money.

Here are a few ways to go Phishing.

  • Angler Phishing: Fake social media posts to get people to provide login information or to download malware.
  • Catphishing: Phishing with a romantic twist. Providing fake names and personal details, con artists gain trust through friendship and romance to trick victims into sending money or sensitive information.
  • Cloning: A cyberattack using replicates of a legitimate email address to spread malware.
  • Image: An email phishing attack using images to trick users into clicking on malicious links.
  • Pop-Up: The use of a pop-up about a problem with your computer's security or other issue to trick you into clicking.
  • Smishing: Uses text messages or short message service (SMS).
  • Vishing: Making phone calls claiming to be from a reputable company to obtain sensitive data.
  • Website Spoofing: Fake websites that look legitimate but are used to collect personal data when logging in.

Phishing attempts happen both by email and text and target everyone. No one is immune. Even staff within the Department of Attorney General are regularly subjected to a variety of phishing email scams. Phishing emails and texts use believable stories or connections to engage the recipient and trigger a quick response. The goal is to obtain financial or personal information to commit fraud.

Criminals can insert themselves into private text, email, or instant message conversations, making the communication look safe because it is coming from a trusted source.

This sophisticated two-step scam starts by stealing your login credentials. Once criminals have access to your account, the next step is to get into your ongoing conversations and send scam messages and malware from you. There are two victims in this “phishing” scam — the person whose account is being hijacked and the person who receives the message that appears to be from you. The recipients are more likely to click on links or attachments in those messages because they appear to have come from you. And when they do, they are pitched a bogus opportunity, prompted to provide personal information, or otherwise scammed — by an email that may have malware already installed.

Signs of a Phishing Email.

  • Requiring urgent action and may be threatening or demanding.
  • Use of poor grammar and spelling mistakes.
  • Subject line includes an unfamiliar, generic, or no greeting at all.
  • Impersonator email addresses where the domain name does not match the hyperlink.
  • Includes unsolicited attachments or links.
  • Requests for login credentials, payment information, or sensitive data.
  • Includes offers too good to be true.

Signs of a Phishing Text.

  • The text message is unsolicited.
  • The text sender has a long phone number (10 or more digits).
  • Includes a link that is likely shortened or scrambled.
  • Written with a sense of urgency.
  • Contains grammatical and spelling errors.
  • Promises of a reward or prize if you respond or click a link.
  • Requests for personal or financial information.

Three Phishing Scam text examples, first left side text from DMV, second right side text from FedEx, and third bottom text from ATT.

Do not reply to suspicious emails or texts. Do not click on links or attachments. Instead, use your email spam filter to keep most phishing emails out of your inbox. Use built-in spam-blocking tools on your mobile device.

Report phishing emails to the Anti-Phishing Working Group. Report phishing texts by forwarding it to SPAM (7726). Report both phishing emails and texts to the Federal Trade Commission.

Report Fraud

If you believe you have been the victim of a scam and would like to file a complaint, contact the Attorney General's Consumer Protection Team at:

Consumer Protection Team
P.O. Box 30213
Lansing, MI 48909
517-335-7599
Fax: 517-241-3771
Toll-free: 877-765-8388
Online complaint form