Phishing 101

What is phishing?

Phishing scams attempt to trick you into giving up sensitive information (like passwords, personal or account information), by appearing to be “legitimate” requests from trusted sources.

Phishing attempts may come from:

Text messages

Apps (including messaging)


Social media

Phone calls

While phishing has been around for decades, attacks are becoming more common—and more sophisticated.

What to look for in phishing scams:

Phishing scams are NOT easy to spot and anyone can be a victim.

They may look like they come from someone you know.

They may appear to come from a familiar phone number or social media account.

They can mimic the logos and format of messages from well-known organizations.

They often refer to recent ‘headline news’ or your job.

They often include a sense of urgency, “Reply now to protect your account!”

The attacker may have personalized the message with information about you from online sources.


An attacker will do whatever they can to make their email appear real—and they are very good at it.

If you are concerned a link may not be legitimate, share it with the NYC Secure app!

Watch out for these phishing tricks:

Shortened Weblinks

Scammers often use URL shorteners to make a link look more harmless or familiar.


Scammers may try to trick you into thinking they are someone you know or an authority figure.

Username and Password Theft

Scammers often dangle a “free giveaway” or may “need” you to urgently log into an existing account. The link will take you to a fake webpage to enter personal information or a username and password.

Personal Data Collection

Remember that photo you posted of your dog Roscoe? Information you share on social media should not match the answers you use to reset passwords, or part of your password. Scammers use these details to their advantage.

If you are worried a link might be phishing:

  • Trust your instincts and don't click on it.
  • Delete the emails or messages that you believe are phishing.
  • Before clicking on a link, see a preview of the actual web address by hovering your cursor over it, or pressing and holding the link.
  • If you can, mark the source as spam, and block the phone number or messaging source to avoid similar scams in the future.