Phishing Scams - Federal Trade Commission
Phishing Scams and How to Spot Them Phishing is a type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source – an internet service pr
www.ftc.govI can share the latest publicly available overview on phishing scams, but I don’t have live access to news feeds right this moment. Here’s a concise update based on recent reporting:
- What phishing is: Phishing is a social-engineering attack where criminals impersonate trusted brands or contacts to induce individuals to reveal personal information, login credentials, or payment details, often via email, SMS, or messaging apps. It typically leads victims to counterfeit websites or prompts them to reply with sensitive data.[2]
- Recent trends and developments: Modern phishing increasingly uses AI-enabled tools to craft personalized messages and page content, making scams harder to spot, and it’s common to see multichannel campaigns that combine email, text, and voice (vishing) to maximize success. Reported abuses include business email compromise (BEC), QR-code landing pages, and OAuth/device-based phishing methods, illustrating attackers’ attempts to bypass traditional security controls.[1][4]
- How to spot and protect yourself: Key indicators include urgent or fear-based language, requests for login or payment details, mismatched sender addresses, unexpected attachments or shortened URLs, and messages claiming you’ve won a prize or owe a payment. Best practices include verifying through official channels, enabling multi-factor authentication, keeping software up to date, and using phishing awareness training and email filtering where available.[5][2]
- What to do if you’re targeted: Do not click any links or provide information. Report suspected phishing to your organization’s security team or to consumer protection authorities, and if you’ve shared credentials, change passwords immediately and monitor accounts for unusual activity.[2][5]
Illustration: A phishing attempt often masquerades as a familiar brand (e.g., a bank or service) and uses a realistic-looking login page. If anything feels off (sender, domain, or URL), verify by contacting the organization directly through official channels.
Would you like a one-page checklist you can print, or a quick summary tailored to Kyiv/UA-based organizations (e.g., common local scams, reporting contacts, and bilingual warning signs)? I can also pull the very latest headlines if you’d like me to search current outlets.