
Avoid Phishing Website Tricks: How to Recognize and Report Fake Emails and Websites

  • vitaliytikhonov770
  • Aug 17, 2023
  • 7 min read


If you believe that your Apple ID has been compromised, or if you might have entered your password or other personal info on a scam website, change your Apple ID password immediately.

How to protect your Apple account and devices

Here are some things you can do to avoid scams that target your Apple account and devices.


To avoid unwanted, fake, or malicious software, install software from the App Store or get it directly from the developer's website. Learn how to safely open software on your Mac or remove unwanted configuration profiles from your iPhone, iPad, or iPod touch.




Avoid Phishing Website Tricks



Phishing (pronounced: fishing) is an attack that attempts to steal your money, or your identity, by getting you to reveal personal information -- such as credit card numbers, bank information, or passwords -- on websites that pretend to be legitimate. Cybercriminals typically pretend to be reputable companies, friends, or acquaintances in a fake message, which contains a link to a phishing website.


Urgent call to action or threats - Be suspicious of emails that claim you must click, call, or open an attachment immediately. Often, they'll claim you have to act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams. They do that so that you won't think about it too much or consult with a trusted advisor who may warn you.


In phishing and whaling attacks, the scammer first gathers details about the target individual or company. For example, the scammer can harvest information from social media profiles, company websites and internet activity to create a customized message.


There are several resources on the internet that provide help to combat phishing. The Anti-Phishing Working Group Inc. and the federal government's OnGuardOnline.gov website both provide advice on how to spot, avoid and report phishing attacks. Interactive security awareness training aids, such as Wombat Security Technologies' PhishMe, can help teach employees how to avoid phishing traps. In addition, sites like FraudWatch International and MillerSmiles publish the latest phishing email subject lines that are circulating the internet.


These happen when major payment applications and websites are used as a ruse to gain sensitive information from phishing victims. In this scam, a phisher masquerades as an online payment service (such as PayPal, Venmo or TransferWise).


Other types of phishing attacks ask that you click on a link to verify that a credit card or bank account is yours. Again, that link will take you to a fraudulent website that will ask you to provide personal or financial information that will likely be captured by fraudsters.


Should any user successfully identify and thwart a phishing attack or be the unfortunate victim of one, one method of letting others avoid the same fate is to share their experience through Reddit, Twitter, a personal blog, or even an email to a crypto news publication.


New phishing attack methods are being developed all the time, but they share commonalities that can be identified if you know what to look for. There are many sites online that will keep you informed of the latest phishing attacks and their key identifiers. The earlier you find out about the latest attack methods and share them with your users through regular security awareness training, the more likely you are to avoid a potential attack.


One of the best ways to help anyone learn how to spot these increasingly more sophisticated phishing tactics is through the many online phishing quizzes, which can be found on various websites, including the Federal Trade Commission, Google, OpenDNS, SonicWall, PhishingBox, NexusTek and ESET.


The majority of phishing attacks happen via email. And unfortunately, scammers have learned how to bypass basic email security in order to get their scam messages into your inbox. To avoid receiving spam and scam emails, update your spam filters to block out more potential phishing attacks.


For peace of mind, consider signing up for an all-in-one digital security solution that will protect your devices from hackers, warn you of phishing websites, and monitor your financial and personal accounts for signs of fraud.


A phishing website is a malicious website that scammers use to trick you into sharing confidential information. For example, they might create a website that looks like your online banking login page to induce you to enter your account numbers and password.


One, every business, no matter what size, should require its employees and contractors to go through cyber awareness training or cybersecurity awareness training that revolves around email phishing and how to avoid it.


SMS phishing[31] or smishing[32][33] is a type of phishing attack that uses text messages from a cell phone or smartphone to deliver a bait message.[34] The victim is usually asked to click a link, call a phone number, or contact an email address provided by the attacker. They may then be asked to provide private information, such as login credentials for other websites. The difficulty in identifying illegitimate links can be compounded on mobile devices due to the limited display of URLs in mobile browsers.[35] Smishing can be just as effective as email phishing, as many smartphones have fast internet connectivity. Smishing messages may also come from unusual phone numbers.[36]


Phishing attacks often involve creating fake links that appear to be from a legitimate organization.[39] These links may use misspelled URLs or subdomains to deceive the user. In the following example URL, , it can appear to the untrained eye as though the URL will take the user to the example section of the yourbank website; actually this URL points to the "yourbank" (i.e. phishing) section of the example website. Another tactic is to make the displayed text for a link appear trustworthy, while the actual link goes to the phisher's site. To check the destination of a link, many email clients and web browsers will show the URL in the status bar when the mouse is hovering over it. However, some phishers may be able to bypass this security measure.[40]


Internationalized domain names (IDNs) can be exploited via IDN spoofing[41] or homograph attacks[42] to allow attackers to create fake websites with visually identical addresses to legitimate ones. These attacks have been used by phishers to disguise malicious URLs using open URL redirectors on trusted websites.[43][44][45] Even digital certificates, such as SSL, may not protect against these attacks as phishers can purchase valid certificates and alter content to mimic genuine websites or host phishing sites without SSL.[46]
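
The two link tricks described above (a trusted name used as a subdomain or as link text, and IDN look-alike characters) can be checked mechanically before a link is opened. The following Python code is an added example, not part of the original article; `TRUSTED_DOMAINS`, `check_link`, the warning names and the `yourbank.com` domain are assumptions chosen for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: the defender's list of genuine domains (constructed sample value).
TRUSTED_DOMAINS = {"yourbank.com"}

def hostname(url):
    """Lowercased host part of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def under_trusted_domain(host):
    """True only if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def scripts(label):
    """Scripts used by the letters of a label (first word of the Unicode name)."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def check_link(href, display_text=""):
    """Return warnings for a link's real target (href) and its visible text."""
    host = hostname(href)
    if under_trusted_domain(host):
        return []
    warnings, labels = [], host.split(".")
    # A trusted name used as a mere subdomain label of some other domain.
    if {d.split(".")[0] for d in TRUSTED_DOMAINS} & set(labels):
        warnings.append("brand-in-subdomain")
    for label in labels:
        if label.startswith("xn--"):  # punycode form of an IDN label
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                warnings.append("undecodable-idn")
                continue
        if not label.isascii():
            warnings.append("non-ascii-label")
            if len(scripts(label)) > 1:  # e.g. Latin mixed with Cyrillic
                warnings.append("mixed-script-label")
    # Visible text names a trusted host, but the link goes somewhere else.
    shown = hostname(display_text if "://" in display_text else "//" + display_text)
    if display_text and shown != host and under_trusted_domain(shown):
        warnings.append("display-text-mismatch")
    return warnings
```

A label written entirely in one non-Latin script is reported only as `non-ascii-label`; deciding whether it imitates a trusted name needs a confusables table, which this example does not include.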


An alternative technique to impersonation-based phishing is the use of fake news articles to trick victims into clicking on a malicious link. These links often lead to fake websites that appear legitimate,[51] but are actually run by attackers who may try to install malware or present fake "virus" notifications to the victim.[52]


There are anti-phishing websites which publish exact messages that have been recently circulating the internet, such as FraudWatch International and Millersmiles. Such sites often provide specific details about the particular messages.[133][134]


To avoid phishing attempts, people can modify their browsing habits[141] and be cautious of emails claiming to be from a company asking to "verify" an account. It's best to contact the company directly or manually type in their website address rather than clicking on any hyperlinks in suspicious emails.[142]


Another popular approach to fighting phishing is to maintain a list of known phishing sites and to check websites against the list. One such service is the Safe Browsing service.[153] Web browsers such as Google Chrome, Internet Explorer 7, Mozilla Firefox 2.0, Safari 3.2, and Opera all contain this type of anti-phishing measure.[154][155][156][157][158] Firefox 2 used Google anti-phishing software. Opera 9.1 uses live blacklists from Phishtank, cyscon and GeoTrust, as well as live whitelists from GeoTrust. Some implementations of this approach send the visited URLs to a central service to be checked, which has raised concerns about privacy.[159] According to a report by Mozilla in late 2006, Firefox 2 was found to be more effective than Internet Explorer 7 at detecting fraudulent sites in a study by an independent software testing company.[160]


Still another technique relies on a dynamic grid of images that is different for each login attempt. The user must identify the pictures that fit their pre-chosen categories (such as dogs, cars and flowers). Only after they have correctly identified the pictures that fit their categories are they allowed to enter their alphanumeric password to complete the login. Unlike the static images used on the Bank of America website, a dynamic image-based authentication method creates a one-time passcode for the login, requires active participation from the user, and is very difficult for a phishing website to correctly replicate because it would need to display a different grid of randomly generated images that includes the user's secret categories.[173]


Several companies offer banks and other organizations likely to suffer from phishing scams round-the-clock services to monitor, analyze and assist in shutting down phishing websites.[174] Automated detection of phishing content is still below accepted levels for direct action, with content-based analysis reaching a success rate between 80% and 90%,[175] so most of the tools include manual steps to certify the detection and authorize the response.[176] Individuals can contribute by reporting phishing to both volunteer and industry groups,[177] such as cyscon or PhishTank.[178] Phishing web pages and emails can be reported to Google.[179][180]


On January 26, 2004, the U.S. Federal Trade Commission filed the first lawsuit against a Californian teenager suspected of phishing by creating a webpage mimicking America Online and stealing credit card information.[184] Other countries have followed this lead by tracing and arresting phishers. A phishing kingpin, Valdir Paulo de Almeida, was arrested in Brazil for leading one of the largest phishing crime rings, which in two years stole between US$18 million and US$37 million.[185] UK authorities jailed two men in June 2005 for their role in a phishing scam,[186] in a case connected to the U.S. Secret Service Operation Firewall, which targeted notorious "carder" websites.[187] In 2006, Japanese police arrested eight people for creating fake Yahoo Japan websites, netting themselves ¥100 million (US$870,000),[188] and the FBI detained a gang of sixteen in the U.S. and Europe in Operation Cardkeeper.[189]


 
 
 
