Phishing is when scammers fool you, to think they are someone you trust, in order to make you do something.

They may use fake emails, social media posts, or direct messages (DMs) with the goal, of luring you, to click on a bad link or download a malicious attachment. Clicking on a link or file can hand your personal information over to cybercriminals or install malware onto your device.

No need to fear your inbox. With some knowledge, you can outsmart the phishers every day.

7 Types of Phishing Scams

Types of phishing scams and descriptions
Scam Type Scam Description
Email Phishing An email attack which appears to be authentic (but is fake) from your Bank, Google, Amazon, or even your CEO. It requests information and/or directs you to a fake website.
Spear Phishing Scammers target you, specifically. They research you and know your family members, where you work, and your supervisor. The chances of fooling you are higher.
Smishing Text message phishing scam. Scammers know people respond to text and instant messages faster than email.
Google Search Scammers invest in search engine optimization and work hard to rank their scam sites in the top search results.
Social Media Scammers create fake social media accounts, using the same name or photo as one of your real friends, to try and scam you.
QR Code Scammers place their own sticker over a legitimate QR code to direct you to their fake site. This is common in restaurants.
Vishing Voice phishing (vishing) is an attack made over the phone. Scammers spoof a phone number which appears to be identical to a number you know, such as your bank.

Recognize a Phishing Attempt

Remember the signs of a phishing email can be very subtle. It is important to review (take 4 seconds) and ensure an email is legit to avoid falling for it.

  • Does it contain an offer that’s too good to be true?
  • Does it include language that’s urgent, alarming, or threatening?
  • Is it poorly crafted writing riddled with misspellings and bad grammar?
  • Is the greeting ambiguous or very generic?
  • Does it include requests to send personal information?
  • Does it stress an urgency to click on an unfamiliar hyperlink or attachment?
  • Is it a strange or abrupt business request?
  • Does the sender’s email address match the company it’s coming from? Look for little misspellings like (instead of or (instead of

I see a phishing email. What do I do?

Don’t worry; the hard part is recognizing the email is fake. If you are at MCC, and the email came from your work/student email, report it to Tech Support as quickly as possible.

If the email came to your personal email, don’t do what it says. Do not click on any links (even the unsubscribe link) or reply back to the email. Use the delete button.


Test your Knowledge

Can you recognize a phishing email? Take the Phishing Quiz (with