Protect yourself from phishing and fake websites

Phishing is internet fraud targeting computers and mobile devices. Find out how to identify phishing and fake websites to protect yourself.

Identify phishing attempts

With phishing, a scammer pretends to be a different person or from an organization. They try to trick you into sharing personal or financial details. This may include credit card numbers, social security numbers, or passwords.

Be cautious of texts or emails asking for your personal, account, or credit card info. If you get such a request, report it to AT&T Internet Security at abuse@att.net. You can also forward the phishing email to the Anti-Phishing Working Group at reportphishing@antiphishing.org or report it to the Federal Trade Commission.

Recognizing phishing and fake websites

Scammers constantly change their attacks to include details that make you believe the scam is real.

It’s important you know what to look for if you aren't sure if a website or email is legitimate, check for these warning signs:

  • Incorrect URL: If the site uses a different web address (URL) than your bank’s, it’s probably a fake site. Hover your mouse pointer over the link in the email to see if it’s directed to the same site the email came from.
  • All caps in email subject lines: Scammers often use all capital letters in email subject lines to get your attention. We never use all capital letters in our subject lines, so this is a good sign the email is fake.
  • Many undisclosed recipients: Scammers send thousands of phishing emails, hoping someone will bite. If you see an email copied to other recipients, watch out. We consider our customers as individuals, so your email is only sent to you.
  • Banking information: A real bank won’t ask for your banking account info or debit card and PIN numbers through email. Be careful of emails or sites asking for sensitive details, including your Social Security number, besides the standard sign-in credentials.
  • Confirm sensitive account info: If an email or website asks you to confirm sensitive account info, this is likely a scam.
  • Public internet account: Before clicking on any link sent to you by email, look at the sender's email address. If the email has a non-business email address but claims to be from your bank or another business, don’t trust the email. All myAT&T emails are sent from att-mail.com. So, if you don't see that email address, we didn’t send it.
  • Generic customer name: Make sure email claiming to be from your bank includes your given name in the message, such as Dear William Smith, instead of Dear Valued Customer. Real banks address messages to you by name.
  • Misspelled words: Real companies have staff checking the accuracy of emails and websites. If you see a misspelling or a misuse of the company name, don't enter any personal info on the site.
  • Not a secure site: Legitimate e-commerce sites use encryption, or scrambling, to make sure your payment info stays safe. If a site is using encryption, look for a lock symbol in the browser window. The lock symbol confirms it's a legitimate, trusted website. You can also see in the web browser that the website address starts with https:// rather than just http://. Don’t enter payment details on any site that isn't secure.
  • Low-resolution images: Scammers usually create fake sites quickly. This shows in the quality of the sites. If the logo or text appears in poor resolution, it’s an important clue the site could be phony.

Avoiding phish scams

Here are ways to avoid getting caught in a phishing scam:
  • Educate yourself: Read up on the latest scams so you know what to look for. Become familiar with what a phish looks like so you’ll know common tricks.
  • Use common sense: Read emails carefully. See if you know the sender. Be suspicious of emails asking for personal or financial info. Also, be cautious when downloading email attachments or files, unless you trust the sender.
  • Practice smart browsing: Before you enter any information, make sure the website you're visiting is secure. To better protect yourself, use a search engine to find info since they can catch misspellings and prevent you from landing on fake websites. Use a search tool such as McAfee® SiteAdvisor®, which shows in your search results if sites are safe or not.
  • Use technology to protect you: Use security software with anti-phishing features, like the AT&T Anti-Virus Plus. Just make sure the software is up to date. Turn on automatic updates or click the Update button on your control panel.
  • Be vigilant both offline and online: Monitor bank and credit card statements for suspicious charges or transfers. Try to changing passwords regularly. Make sure you create strong passwords using a combination of letters, numbers, and special characters. Don’t use nicknames, birthdays, or details other people may know.

What to do if you get a suspicious message

AT&T Internet makes every effort to block fake messages from reaching you. We work hard to ensure your experience is safe and enjoyable. If you receive what looks like a phishing attempt, help us by reporting it.

  • If it claims to be from AT&T, report it to AT&T Internet Security at abuse@att.net. 
  • If it's not from an AT&T address or not related to AT&T, forward the info to reportphishing@antiphishing.org or report it to the FTC.
  • Report suspicious texts to 7726 (SPAM).
  • After you’ve reported the message, delete it. Don’t click any links or open any attachments. 

Additional info

Find out more about keeping personal info and devices safe at our Fraud & security resources page. You can also check:

Last updated: October 9, 2023

Did you get the help you needed?

Great! We're so glad we could help.

0/500

We're sorry that didn't solve your issue.

0/500

Thanks for your feedback!

Community forums

Have questions about your DSL Internet service? Explore our community forums for answers.