<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link type="application/rss+xml" href="/ncas/tips.xml" rel="alternate" title="Tips" />
<link rel="shortcut icon" href="https://www.us-cert.gov/sites/default/files/images/favicon.ico" type="image/vnd.microsoft.icon" />
<link type="application/rss+xml" href="/ncas/all.xml" rel="alternate" title="All" />
<link type="application/rss+xml" href="/ncas/current-activity.xml" rel="alternate" title="Current Activity" />
<link type="application/rss+xml" href="/ncas/bulletins.xml" rel="alternate" title="Bulletins" />
<link type="application/rss+xml" href="/ncas/alerts.xml" rel="alternate" title="Alerts" />
<meta name="description" content="Do not give sensitive information to others unless you are sure that they are indeed who they claim to be and that they should have access to the information." />
<meta name="abstract" content="Do not give sensitive information to others unless you are sure that they are indeed who they claim to be and that they should have access to the information." />
<meta name="generator" content="Drupal 7 (http://drupal.org)" />
<link rel="canonical" href="https://www.us-cert.gov/ncas/tips/ST04-014" />
<link rel="shortlink" href="https://www.us-cert.gov/node/136" />
  <title>Avoiding Social Engineering and Phishing Attacks</title>  
  <link type="text/css" rel="stylesheet" href="https://www.us-cert.gov/sites/default/files/css/css_xE-rWrJf-fncB6ztZfd2huxqgxu4WO-qwma6Xer30m4.css" media="all" />
<link type="text/css" rel="stylesheet" href="https://www.us-cert.gov/sites/default/files/css/css_Q7R7Blo9EYqLDI5rIlO_T3uTFBjIXjLpcqMHjTvVdmg.css" media="all" />
<link type="text/css" rel="stylesheet" href="https://www.us-cert.gov/sites/default/files/css/css_QT-iHCN_OvMfcvyWv3zcdASNIcVEspchrW8xhfhypgw.css" media="all" />
<link type="text/css" rel="stylesheet" href="https://www.us-cert.gov/sites/default/files/css/css_wZj-mtRShpVaXHiZkLh1PonXzmnTnZZ_NdtXxoCpx7M.css" media="all" />
<link type="text/css" rel="stylesheet" href="https://www.us-cert.gov/sites/default/files/css/css_b1iWONkh3ZzFPgZnwWtRxeAlg-fV1aO3O6P3tNa0A68.css" media="all" />
<link type="text/css" rel="stylesheet" href="https://www.us-cert.gov/sites/default/files/css/css_KCNZ7YudgplVMn0e5YXrEptF8K7nkEFZt5Yrs5EjYM0.css" media="all" />
  <script type="text/javascript" src="https://www.us-cert.gov/sites/default/files/js/js_3IfP06ctCmrbNizolezd1ii7oumpuWxUkONbVdU6JhE.js"></script>
<script type="text/javascript" src="https://www.us-cert.gov/sites/default/files/js/js_DzD04PZATtGOFjfR8HJgfcaO3-pPZpWFXEvuMvQz2gA.js"></script>
<script type="text/javascript" src="https://www.us-cert.gov/sites/default/files/js/js_XLunpia_Z5_HY4TeANZIbR0VTYNE8kZfhm_G5vb1EVc.js"></script>
<script type="text/javascript" src="https://www.us-cert.gov/sites/default/files/js/js_ICJwHQ-Ii3ytM7OUWytURigrWPHfQ-pBZ7kl0A1UmUI.js"></script>
<script type="text/javascript">
<!--//--><![CDATA[//><!--
(function(i,s,o,g,r,a,m){i["GoogleAnalyticsObject"]=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,"script","https://www.us-cert.gov/sites/default/files/googleanalytics/analytics.js?p3thgt","ga");ga("create", "UA-34879253-1", {"cookieDomain":"auto"});ga("set", "anonymizeIp", true);ga("send", "pageview");
//--><!]]>
</script>
<script type="text/javascript">
<!--//--><![CDATA[//><!--
jQuery.extend(Drupal.settings, {"basePath":"\/","pathPrefix":"","ajaxPageState":{"theme":"uscert_gov_theme","theme_token":"4QmVw20MtsrL49XKCybMSgWAhNOvZc9EIZrvYUw7Mj4","js":{"0":1,"sites\/all\/modules\/jquery_update\/replace\/jquery\/1.10\/jquery.min.js":1,"misc\/jquery.once.js":1,"misc\/drupal.js":1,"profiles\/uscert_gov\/modules\/contrib\/jquery_update\/replace\/ui\/ui\/minified\/jquery.ui.datepicker.min.js":1,"sites\/all\/modules\/jquery_update\/replace\/ui\/ui\/minified\/jquery.ui.core.min.js":1,"sites\/all\/modules\/jquery_update\/replace\/ui\/ui\/minified\/jquery.ui.widget.min.js":1,"sites\/all\/modules\/jquery_update\/replace\/ui\/ui\/minified\/jquery.ui.accordion.min.js":1,"profiles\/uscert_gov\/modules\/contrib\/jquery_ui_filter\/jquery_ui_filter.js":1,"profiles\/uscert_gov\/modules\/custom\/uscert_webforms\/js\/uscert_webforms.js":1,"profiles\/uscert_gov\/modules\/contrib\/extlink\/extlink.js":1,"profiles\/uscert_gov\/themes\/uscert_gov_theme\/js\/global.js":1,"profiles\/uscert_gov\/modules\/contrib\/jquery_ui_filter\/accordion\/jquery_ui_filter_accordion.js":1,"profiles\/dhs_wcm\/modules\/contrib\/google_analytics\/googleanalytics.js":1,"1":1},"css":{"modules\/system\/system.base.css":1,"modules\/system\/system.menus.css":1,"modules\/system\/system.messages.css":1,"modules\/system\/system.theme.css":1,"misc\/ui\/jquery.ui.core.css":1,"misc\/ui\/jquery.ui.theme.css":1,"misc\/ui\/jquery.ui.accordion.css":1,"modules\/aggregator\/aggregator.css":1,"profiles\/uscert_gov\/modules\/contrib\/calendar\/css\/calendar_multiday.css":1,"modules\/comment\/comment.css":1,"profiles\/dhs_wcm\/modules\/contrib\/date\/date_api\/date.css":1,"profiles\/dhs_wcm\/modules\/contrib\/date\/date_popup\/themes\/datepicker.1.7.css":1,"profiles\/dhs_wcm\/modules\/contrib\/date\/date_repeat_field\/date_repeat_field.css":1,"modules\/field\/theme\/field.css":1,"modules\/node\/node.css":1,"modules\/search\/search.css":1,"profiles\/uscert_gov\/modules\/custom\/uscert_webforms\/css\/uscert_webforms.css":1,"modules\/user\/user.css":1,"profiles\/uscert_gov\/modules\/contrib\/extlink\/extlink.css":1,"profiles\/dhs_wcm\/modules\/contrib\/views\/css\/views.css":1,"profiles\/dhs_wcm\/modules\/contrib\/ctools\/css\/ctools.css":1,"sites\/all\/modules\/panels\/css\/panels.css":1,"sites\/default\/files\/css\/follow.css":1,"profiles\/dhs_wcm\/themes\/omega\/alpha\/css\/alpha-reset.css":1,"profiles\/uscert_gov\/themes\/uscert_gov_theme\/css\/font-awesome.min.css":1,"profiles\/uscert_gov\/themes\/uscert_gov_theme\/css\/global.css":1,"profiles\/dhs_wcm\/themes\/omega\/alpha\/css\/grid\/alpha_default\/normal\/alpha-default-normal-12.css":1}},"jQueryUiFilter":{"disabled":0,"accordionHeaderTag":"h3","accordionOptions":{"active":"false","animated":"slide","autoHeight":"false","clearStyle":"false","collapsible":"true","event":"click","scrollTo":0,"history":"false"}},"wcmTools":{"techinicalDifficulties":"The site \u003Cem class=\u0022placeholder\u0022\u003EUS-CERT\u003C\/em\u003E is having technical difficulties and some features may not work properly.","messageContainerID":"main-content","messageType":"error"},"extlink":{"extTarget":0,"extClass":"ext","extLabel":"(link is external)","extImgClass":0,"extSubdomains":1,"extExclude":"(\\.gov|\\.mil|\\.org.*|twitter\\.com\\\/share\\?url\\=.*|www\\.facebook\\.com\\\/sharer\\.php\\?u\\=.*|www\\.addthis\\.com\\\/bookmark\\.php\\?url\\=.*|javascript\\:window\\.print\\(\\)\\;)","extInclude":"","extCssExclude":"","extCssExplicit":"","extAlert":"_blank","extAlertText":"You are now leaving an official website of the United State Government (USG), the Department of Homeland Security (DHS) and the United States Computer Emergency Readiness Team (US-CERT). Links to non-USG, non-DHS and non-US-CERT sites are provided for the visitor\u0027s convenience and do not represent an endorsement by USG, DHS or US-CERT of any commercial or private issues, products or services. Note that the privacy policy of the linked site may differ from that of USG, DHS and US-CERT.","mailtoClass":"mailto","mailtoLabel":"(link sends e-mail)"},"googleanalytics":{"trackOutbound":1,"trackMailto":1,"trackDownload":1,"trackDownloadExtensions":"7z|aac|arc|arj|asf|asx|avi|bin|csv|doc(x|m)?|dot(x|m)?|exe|flv|gif|gz|gzip|hqx|jar|jpe?g|js|mp(2|3|4|e?g)|mov(ie)?|msi|msp|pdf|phps|png|ppt(x|m)?|pot(x|m)?|pps(x|m)?|ppam|sld(x|m)?|thmx|qtm?|ra(m|r)?|sea|sit|tar|tgz|torrent|txt|wav|wma|wmv|wpd|xls(x|m|b)?|xlt(x|m)|xlam|xml|z|zip","trackCrossDomains":["us-cert.gov"]},"password":{"strengthTitle":"Password compliance:"},"type":"setting"});
//--><!]]>
</script>
<!-- We participate in the US government's analytics program. See the data at analytics.usa.gov. --><script src="/profiles/dhs_wcm/modules/contrib/usfedgov_google_analytics/js/Universal-Federated-Analytics-Min.js?agency=DHS&subagency=US-CERT" type="text/javascript" id="_fed_an_ua_tag"></script>  <!--[if lt IE 9]><script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
</head>
<body class="html not-front not-logged-in no-sidebars page-node page-node- page-node-136 node-type-tip i18n-en context-ncas">
  <div id="skip-link">
    <a href="#main-content" class="element-invisible element-focusable">Skip to main content</a>
  </div>
    <div class="page clearfix" id="page">
      <header id="section-header" class="section section-header">
  <div id="zone-global-header-wrapper" class="zone-wrapper zone-global-header-wrapper clearfix">  
  <div id="zone-global-header" class="zone zone-global-header clearfix container-12">
    <div class="block block-block block-22 block-block-22 odd block-without-title" id="block-block-22">
  <div class="block-inner clearfix">
                
    <div class="content clearfix">
      <div id="super-header"><img alt="U.S. Flag" src="/sites/default/files/icn-us-flag-21px.png" /> Official website of the Department of Homeland Security</div>    </div>
  </div>
</div>  </div>
</div><div id="zone-branding-wrapper" class="zone-wrapper zone-branding-wrapper clearfix">  
  <div id="zone-branding" class="zone zone-branding clearfix container-12">
    <div class="grid-8 region region-branding" id="region-branding">
  <div class="region-inner region-branding-inner">
        <div class="block block-block block-23 block-block-23 odd block-without-title" id="block-block-23">
  <div class="block-inner clearfix">
                
    <div class="content clearfix">
      <div class="logo-img"><a href="/"><img alt="U.S. Department of Homeland Security Seal. United States Computer Emergency Readiness Team US-CERT" id="logo" src="/sites/default/files/images/logo.png" /></a></div>    </div>
  </div>
</div>  </div>
</div><div class="grid-4 region region-search" id="region-search">
  <div class="region-inner region-search-inner">
    <div class="block block-block block-3 block-block-3 odd block-without-title" id="block-block-3">
  <div class="block-inner clearfix">
                
    <div class="content clearfix">
      <div id="search-container"><form accept-charset="UTF-8" action="https://search.us-cert.gov/search" id="search_form" method="get"><input name="utf8" type="hidden" value="✓" /><input id="affiliate" name="affiliate" type="hidden" value="us-cert" /><label for="query">Search query</label><input autocomplete="off" class="usagov-search-autocomplete" id="query" name="query" type="text" /><input id="search-submit" name="commit" type="submit" value="Search" /> </form></div>
<style type="text/css">
<!--/*--><![CDATA[/* ><!--*/
.view-id-current_job_openings .views-table thead th {
color: white;
}

/*--><!]]>*/
</style><style type="text/css">
<!--/*--><![CDATA[/* ><!--*/
.general-table {
        margin-bottom: 2px;
        margin-top: 2px;
}

.general-table th {
        border: 1px solid #2b5580;
        background-color: #4078b1;
        background-image: -webkit-gradient(
                linear,
                left bottom,
                left top,
                color-stop(0.15, rgb(41,90,139)),
                color-stop(0.85, rgb(64,120,177))
        );
        background-image: -moz-linear-gradient(
                center bottom,
                rgb(41,90,139) 15%,
                rgb(64,120,177) 85%
        );
        color: #FFFFFF;
        text-align: center;
}

.general-table td, .general-table th {
        border: 1px solid #2b5580;
        line-height: 1.2em;
	padding: 10px;
}

.general-table caption {
	padding: 14px;
	
}

.general-table caption strong {
        line-height: 1.2em;
	padding: 10px;
	font-size: 14px;
}

}

/*--><!]]>*/
</style><style type="text/css">
<!--/*--><![CDATA[/* ><!--*/
.table-in-accordion {
        margin-bottom: 2px;
        margin-top: 2px;
}

.table-in-accordion th {
        border: 1px solid #2b5580;
        background-color: #4078b1;
        background-image: -webkit-gradient(
                linear,
                left bottom,
                left top,
                color-stop(0.15, rgb(41,90,139)),
                color-stop(0.85, rgb(64,120,177))
        );
        background-image: -moz-linear-gradient(
                center bottom,
                rgb(41,90,139) 15%,
                rgb(64,120,177) 85%
        );
        color: #FFFFFF;
        text-align: center;
}

.table-in-accordion td, .table-in-accordion th {
        border: 1px solid #2b5580;
        line-height: 1.2em;
	padding: 6px;
}

.table-in-accordion caption {
	padding: 14px;
	
}

.table-in-accordion caption strong {
        line-height: 1.2em;
	padding: 10px;
	font-size: 14px;
}
ol {
margin: 5px 0 5px 35px !important;
}

/*--><!]]>*/
</style><style type="text/css">
<!--/*--><![CDATA[/* ><!--*/
.node-bulletin #snya_v td {
        line-height: 1.2em !important;
}

.node-bulletin #snya_v {
        margin-bottom: 25px;
}

.node-bulletin #snya_v tfoot {
        background-color: #F5F5F5;
}

.node-bulletin #snya_v td, .node-bulletin #snya_v th {
        border: 1px solid #666666;
        padding: 10px 5px !important;
}

.node-bulletin #snya_v_title {
        background-color: #999999;
        color: #FFFFFF;
        text-align: center;
        font-weight: bold;
}

.node-bulletin h2#snya_v_title
{
        padding: 10px 0;
        border: 1px solid #666666;
        border-bottom: none;
}

/*--><!]]>*/
</style><style type="text/css">
<!--/*--><![CDATA[/* ><!--*/
body.node-type-current-activity div.content div.content a{
    color: #005EBD;
    text-decoration: underline;
}
.view-id-current_job_openings td.active {
    background-color: inherit;
}
img.usajobs-img {
    width: 85%;
}
/* akamai block */
#block-akamai-akamai h2 {
        display: none;
}

#block-akamai-akamai div, 
#block-akamai-akamai input, 
#block-akamai-akamai ul, 
#block-akamai-akamai li, 
#block-akamai-akamai form,  
#block-akamai-akamai label {
        display: inline;
}

#block-akamai-akamai div#edit-message {
    display: none;
}

#block-akamai-akamai input#edit-submit {
    background: none;
    border: none;
    cursor: pointer;
    color: #00578D;
}

#block-akamai-akamai input#edit-submit:hover {
    text-decoration: underline;
}

#block-akamai-akamai input#edit-submit {
    color: #FFF;
    font-size: 95%;
}

#block-akamai-akamai {
    display: inline;
    position: relative;
    float: right;
    padding-right: 10px;
    z-index: 10;
}

/*--><!]]>*/
</style>    </div>
  </div>
</div>  </div>
</div>  </div>
</div><div id="zone-menu-wrapper" class="zone-wrapper zone-menu-wrapper clearfix">  
  <div id="zone-menu" class="zone zone-menu clearfix container-12">
    <div class="grid-12 region region-menu" id="region-menu">
  <div class="region-inner region-menu-inner">
        <nav class="navigation">
      <span class="element-invisible">Main menu</span><ul id="main-menu" class="links inline clearfix main-menu"><li class="menu-577 first"><a href="/" title="">Home</a></li><li class="menu-581"><a href="/about-us">About Us</a></li><li class="menu-1903"><a href="/current-job-openings" title="">Careers</a></li><li class="menu-709"><a href="/security-publications">Publications</a></li><li class="menu-579"><a href="/ncas">Alerts and Tips</a></li><li class="menu-580"><a href="/related-resources">Related Resources</a></li><li class="menu-982 last"><a href="/ccubedvp">C³ VP</a></li></ul>          </nav>
          </div>
</div>

  </div>
</div></header>    
      <section id="section-content" class="section section-content">
  <div id="zone-content-wrapper" class="zone-wrapper zone-content-wrapper clearfix">  
  <div id="zone-content" class="zone zone-content clearfix container-12">    
        
        <div class="grid-12 region region-content" id="region-content">
  <div class="region-inner region-content-inner">
    <a id="main-content"></a>
                        <div class="block block-block block-64 block-block-64 odd block-without-title" id="block-block-64">
  <div class="block-inner clearfix">
                
    <div class="content clearfix">
      <div id="tlp-header"><svg height="30" width="120"><rect fill="black" height="30" width="120" x="0" y="0"></rect><text fill="#ffffff" font-size="18px" x="10" y="20">TLP:WHITE</text></svg></div><div id="tlp-footer"><svg height="30" width="120"><rect fill="black" height="30" width="120" x="0" y="0"></rect><text fill="#ffffff" font-size="18px" x="10" y="20">TLP:WHITE</text></svg></div>
<style type="text/css">
<!--/*--><![CDATA[/* ><!--*/
#tlp-header,
#tlp-footer {
	width: 120px;
	height: 30px;
}

@media print {
	#tlp-header {
		position: fixed;
		right: 0;
		top: 0;
	}
	#tlp-footer {
		position: fixed;
		right: 0;
		bottom: 0;
	}
	#ncas-content {
		width: 85% !important;
	}
.general-table {
word-break: break-all;
}
	body {
		font-size: 120%;
	}
}
@media screen {
	#tlp-header {
		display: none;
	}
	#tlp-footer {
		display: none;
	}
}

/*--><!]]>*/
</style>    </div>
  </div>
</div><div class="block block-system block-main block-system-main even block-without-title" id="block-system-main">
  <div class="block-inner clearfix">
                
    <div class="content clearfix">
      <article class="node node-tip node-published node-not-promoted node-not-sticky author-pw odd clearfix" id="node-tip-136">
	
	
		
	
	<div id="tips-archive">
		<a title="View Archives" href="/ncas/tips/">View Previous Tips</a>
	</div>
	<h1 id="page-title">Security Tip (ST04-014)</h1>
	<h2 id="page-sub-title">Avoiding Social Engineering and Phishing Attacks</h2>
	<footer class="submitted meta-text">Original release date: October 22, 2009 | Last revised: January 24, 2017</footer>
	    	<div id="social-options">
		<!-- START PRINT BUTTON -->
			<div id="print-button">
				<span id="custom-print-button">
					<a rel="nofollow" href="javascript:window.print();">Print Document</a>
				</span>
			</div>        <!-- END PRINT BUTTON -->

		<!-- START TWEET BUTTON -->
			<div id="tweet-button">
				<span id="custom-tweet-button">
					<a rel="nofollow" target="_blank" href="https://twitter.com/share?url=https%3A%2F%2Fwww.us-cert.gov%2Fncas%2Ftips%2FST04-014" class="popup-twitter">Tweet</a>
				</span>
			</div>		<script type="text/javascript"> 
			jQuery('.popup-twitter').popupWindow({ 
				height:400, 
				width:575, 
				top:50, 
				left:50 
			}); 
		</script>
		<!-- END TWEET BUTTON -->

		<!-- START FACEBOOK BUTTON -->
			<div id="facebook-button">
				<span id="custom-facebook-button">
				<a rel="nofollow" target="_blank" href="https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.us-cert.gov%2Fncas%2Ftips%2FST04-014" class="popup-facebook">Like Me</a>
				</span>
			</div>
            <script type="text/javascript"> 
			jQuery('.popup-facebook').popupWindow({ 
				height:500, 
				width:900, 
				top:50, 
				left:50 
			}); 
		</script>
		<!-- END FACEBOOK BUTTON -->
		
		<!-- START SHARE BUTTON -->
			<div id="share-button">
				<span id="custom-share-button">
					<a rel="nofollow" target="_blank" href="http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fwww.us-cert.gov%2Fncas%2Ftips%2FST04-014" class="popup-share">Share</a>
				</span>
			</div>                <script type="text/javascript"> 
			jQuery('.popup-share').popupWindow({ 
				height:500, 
				width:900, 
				top:50, 
				left:50 
			}); 
		</script>
		<!-- END SHARE BUTTON -->
			
	</div>

	<div class="content clearfix">

	
		<p class="tip-intro">Do not give sensitive information to others unless you are sure that they are indeed who they claim to be and that they should have access to the information. </p>
		<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><h3>What is a social engineering attack?</h3><p>In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.</p><h3>What is a phishing attack?</h3><p>Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.</p><p>Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as</p><ul class="bulleted"><li>natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)</li><li>epidemics and health scares (e.g., H1N1)</li><li>economic concerns (e.g., IRS scams)</li><li>major political elections</li><li>holidays</li></ul><h3>How do you avoid being a victim?</h3><ul class="bulleted"><li>Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.</li><li>Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.</li><li>Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.</li><li>Don't send sensitive information over the Internet before checking a website's security. (See <a href="/ncas/tips/ST04-013">Protecting Your Privacy</a> for more information.)</li><li>Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).</li><li>If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the <a href="http://www.antiphishing.org">Anti-Phishing Working Group</a>.</li><li>Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic. (See <a href="/ncas/tips/ST04-004">Understanding Firewalls</a>, <a href="/ncas/tips/ST04-005">Understanding Anti-Virus Software</a>, and <a href="/ncas/tips/ST04-007">Reducing Spam</a> for more information.)</li><li>Take advantage of any anti-phishing features offered by your email client and web browser.</li></ul><h3>What do you do if you think you are a victim?</h3><ul class="bulleted"><li>If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.</li><li>If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.</li><li>Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.</li><li>Watch for other signs of identity theft. (See <a href="/ncas/tips/ST05-019">Preventing and Responding to Identity Theft</a> for more information.)</li><li>Consider reporting the attack to the police, and file a report with the <a href="https://www.ftc.gov/">Federal Trade Commission</a>.</li></ul></div></div></div>	
		
		
				
				<div id="tip-authors">
			<a id="tipauthors"></a>
			<div class="field field-name-field-tip-author field-type-text field-label-hidden clearfix">
<h3>Author</h3> US-CERT Publications  
</div>		</div>
				
		
		<p class="privacy-and-terms">This product is provided subject to this <a href="/privacy/notification">Notification</a> and this <a href="/privacy/">Privacy &amp; Use</a> policy.</p>		
		<div id="document-feedback">	<div class="inner-document-feedback">		<p>Was this document helpful?&nbsp;&nbsp;<a href="/forms/feedback?helpful=yes&amp;document=ST04-014: Avoiding Social Engineering and Phishing Attacks&amp;trackingNumber=&amp;url=https://www.us-cert.gov/ncas/tips/ST04-014&amp;site_name=US-CERT">Yes</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="/forms/feedback?helpful=somewhat&amp;document=ST04-014: Avoiding Social Engineering and Phishing Attacks&amp;trackingNumber=&amp;url=https://www.us-cert.gov/ncas/tips/ST04-014&amp;site_name=US-CERT">Somewhat</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="/forms/feedback?helpful=no&amp;document=ST04-014: Avoiding Social Engineering and Phishing Attacks&amp;trackingNumber=&amp;url=https://www.us-cert.gov/ncas/tips/ST04-014&amp;site_name=US-CERT">No</a></p>	</div></div>		
		
		<div class="clearfix">
							<nav class="links node-links clearfix"></nav>
					</div>
	</div>
</article>
    </div>
  </div>
</div>      </div>
</div>  </div>
</div></section>    
  
      <footer id="section-footer" class="section section-footer">
  <div id="zone-footer-wrapper" class="zone-wrapper zone-footer-wrapper clearfix">  
  <div id="zone-footer" class="zone zone-footer clearfix container-12">
    <div class="grid-12 region region-footer-first" id="region-footer-first">
  <div class="region-inner region-footer-first-inner">
    <div class="block block-block block-1 block-block-1 odd block-without-title" id="block-block-1">
  <div class="block-inner clearfix">
                
    <div class="content clearfix">
      <div id="i-want-to"><h3>I Want To</h3><ul><li><a href="/forms/report">Report incidents</a></li><li><a href="/forms/share-indicators">Share indicators</a></li><li><a href="/report-phishing/">Report phishing</a></li><li><a href="https://malware.us-cert.gov/">Report malware</a></li><li><a href="https://www.kb.cert.org/vuls/html/report-a-vulnerability/">Report software vulnerabilities</a></li></ul></div><!-- end of i-want-to --><div id="subscribe-to-alerts"><h3>Subscribe to Alerts</h3><p>Receive security alerts, tips, and other updates.</p><form action="https://public.govdelivery.com/accounts/USDHSUSCERT/subscribers/qualify"><label for="email-address-field">Enter email address</label> <input class="email-address-field long" id="email-address-field" name="email" title="Enter your email address" type="text" value="Enter your email address" /><input class="button blue-button" name="submit" title="Sign up for alerts" type="submit" value="Sign Up" /> </form><div id="stay-connected"><!-- end of mail-list-and-feeds --><ul><li class="feeds"><a href="/mailing-lists-and-feeds">Mailing Lists and Feeds</a></li><!--<li class="facebook"><a href="www.us-cert.gov">Facebook</a></li>--><li class="twitter"><a href="https://twitter.com/uscert_gov"><span>Twitter</span></a></li></ul></div><!-- end of stay-connected --></div><!-- end of subscribe-to-alerts --><div id="contact-us"><h3>Contact Us</h3><ul><li class="phone">(888) 282-0870</li><li class="email"><a href="mailto:info@us-cert.gov" title="General questions or suggestions">Send us email</a></li><li class="keys"><a href="/contact-us/">Download PGP/GPG keys</a></li></ul></div><!-- end of contact-us --><p> </p>    </div>
  </div>
</div>  </div>
</div><div class="grid-12 region region-footer-second" id="region-footer-second">
  <div class="region-inner region-footer-second-inner">
    <div class="block block-block block-2 block-block-2 odd block-without-title" id="block-block-2">
  <div class="block-inner clearfix">
                
    <div class="content clearfix">
      <ul><li><a href="/">Home</a></li><li><a href="/faq/">FAQ</a></li><li><a href="/contact-us/">Contact Us</a></li><li><a href="/tlp/">Traffic Light Protocol</a></li><li><a href="/pcii">PCII</a></li><li><a href="/privacy/">DHS Privacy Policy</a></li><li><a href="/disclaimer">Disclaimer</a></li><li><a href="/accessibility/">Accessibility</a></li><li class="last"><a href="/pdf/">Get a PDF Reader</a></li></ul><p>US-CERT is part of the <a href="https://www.dhs.gov">Department of Homeland Security</a>.</p><script type="text/javascript">
<!--//--><![CDATA[// ><!--

		jQuery('#email-address-field').resetField();
	
//--><!]]>
</script>    </div>
  </div>
</div>  </div>
</div>  </div>
</div></footer>  </div>  <div class="region region-page-bottom" id="region-page-bottom">
  <div class="region-inner region-page-bottom-inner">
    <a href="#skip-link" class="element-invisible element-focusable">Back to Top</a>  </div>
</div><script type="text/javascript">
<!--//--><![CDATA[//><!--
var usasearch_config = { siteHandle:'us-cert_i14y' };
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = 'https://search.us-cert.gov/javascripts/remote.loader.js';
document.getElementsByTagName('head')[0].appendChild(script);

//--><!]]>
</script>
</body>
</html>
