Protect yourself from phishing and fake websites

Phishing is an internet scam aimed at computers and mobile devices. Find out how to identify phishing attempts and fake websites to protect yourself.

Identify phishing attempts

With phishing, a scammer pretends to be a different person or from an organization. They try to trick you into sharing personal or financial details. These may include credit card numbers, Social Security numbers, or passwords.

Be cautious of texts or emails asking for personal, account, or credit card info. If you get such a request, report it to AT&T Internet Security at You can also forward the phishing email to the Anti-Phishing Working Group at or report it to the Federal Trade Commission (FTC).

Recognizing phishing and fake websites

Scammers constantly change their attacks to include details that make you believe the scam is real. It’s important you know what to look for if you aren't sure if a website or email is legitimate. Check for these warning signs:

  • Incorrect URL: If a site uses a different web address (URL) than your bank’s, it’s probably a fake site. Hover your mouse pointer over the link in the email to see if it’s directed to the same site the email came from.
  • All caps in email subject lines: Scammers often use all capital letters in email subject lines to get your attention. At AT&T, we never use all capital letters in our subject lines.
  • Many undisclosed recipients: Scammers send thousands of phishing emails, hoping someone will bite. If you see an email copied to other recipients, watch out. We consider our customers as individuals, so your email is only sent to you.
  • Banking information: A real bank won’t ask for your banking account info, including debit card and PIN numbers through email. Be careful of emails or sites asking for sensitive details, including your Social Security number.
  • Confirm sensitive account info: Emails or websites that ask you to confirm sensitive account info are likely a scam.
  • Public internet account: Be careful with any link sent to you by email. First look at the sender's email address. If it's a non-business address for a bank or other business, don’t trust the email. All myAT&T emails are sent from So, if you don't see that email address, we didn’t send it.
  • Generic customer name: Make sure an email claiming to be from your bank includes your given name in the message. For example, it should say Dear William Smith instead of Dear Valued Customer. Real banks address messages to you by name.
  • Misspelled words: Real companies have staff checking the accuracy of emails and websites. If you see a misspelling or a misuse of the company name, don't enter any personal info on the site.
  • Not a secure site: Real e-commerce sites use encryption, or scrambling, to keep your payment info safe. If a site is using encryption, you'll see a lock symbol in the browser window. The lock symbol confirms it's a legitimate, trusted website. Also, the web browser will show that the website address starts with https:// rather than just http://. Don’t enter payment details on any site that isn't secure.
  • Low-resolution images: Scammers usually create fake sites quickly. This shows in the quality of the sites. If the logo or text appears in poor resolution, it’s an important clue the site could be phony.

Avoiding phish scams

Here are ways to avoid getting caught in a phishing scam:

  • Educate yourself: Read up on the latest scams so you know what to look for. Become familiar with what a phish looks like so you’ll know common tricks.
  • Use common sense: Read emails carefully. See if you know the sender. Be suspicious of emails asking for personal or financial info. Also, be cautious when downloading email attachments or files unless you trust the sender.
  • Practice smart browsing: Before you enter any information, make sure the website you're visiting is secure. Use a search engine because it can catch misspellings and prevent you from landing on fake websites. A search tool, such as McAfee® SiteAdvisor®, will show if sites are safe or not in your search results.
  • Use technology to protect you: Use security software with anti-phishing features, like AT&T AntiVirus Plus powered by McAfee®. Just make sure the software is up to date. Turn on automatic updates or click the Update button on your control panel.
  • Be vigilant both on- and offline: Monitor bank and credit card statements for suspicious charges or transfers. Try to change passwords regularly. Make sure you create strong passwords using a combination of letters, numbers, and special characters. Don’t use nicknames, birthdays, or details other people may know.

What to do if you get a suspicious message

AT&T makes every effort to block fake messages from reaching you. If you receive what looks like a phishing attempt, help us by reporting it.

  • If it claims to be from AT&T, report it to AT&T Internet Security at
  • If it's not from an AT&T address or not related to AT&T, forward the info to or report it to the FTC.
  • Report suspicious texts to 7726 (SPAM).
  • After you’ve reported the message, delete it. Don’t click any links or open any attachments. 
Last updated: December 15, 2023

Did you get the help you needed?