Here are some questions we ask whenever we look at a suspicious message.
Is the message being sent by someone pretending to be someone else? If threat actors are hiding their identity, they may be trying to convince you that they’re someone they aren’t, so proceed with caution.
Is there a good reason that this text was sent? If you didn’t ask for it, weren’t expecting it, and don’t know who sent it, then you should be extra cautious. Report the message here.
Does the message ask you to share sensitive information like financial accounts, a username or password, or information that could expose your identity? If so, double check that you know who you’re interacting with and navigate to a known, legitimate page through your web-browser instead of using the information provided, such as a link or shortened URL, in the suspicious message.
Spam can take a wide range of forms, from the annoying—unwanted subscriptions to legitimate companies’ mailing lists—to the sinister—empty promises by fly-by-night businesses—and everything in between.
At a minimum, spam is a nuisance. It clogs inboxes and messaging apps, and it wastes your time to slog through these junk messages to find the ones that really matter.
Spam often is associated with some sort of fraud. Shady organizations often falsely claim to have received endorsements from trusted news outlets and popular celebrities. Spam frequently promises products that don’t exist or that don’t match the advertised specifications, such as counterfeit or knock-off goods, including medication.
Spam might facilitate other criminal activity. For example, spam might attempt to trick you into visiting websites or downloading apps that secretly install malicious software (“malware”) onto your computer or mobile phone. Frequently, such malware will try to steal your personal information and financial information, including account details stored on your devices when you visit your bank’s website or make purchases online or through your mobile apps.
Scammers are looking for information that enables them to pose as somebody else for long enough that they can steal something, sell it, and disappear. That “something” is often your personal information, which is why it is important to understand how to stay safe and protect yourself online.
Usernames and passwords are common targets. Scammers also collect other personal information, such as phone numbers, addresses, and social security numbers. Be suspicious anytime someone asks for this information, and make sure you know and trust who you’re interacting with online before providing any information.
Example of how this works: A scammer pretends to be you and requests services from an institution where you are a member (for example: requesting a money transfer from your bank). The institution grants the request (because they think it’s you), and the scammer cashes out and disappears before the mistake is noticed, leaving you and your service provider to cover the theft.
"Spam" is basically the Internet’s equivalent of junk mail. Although it's usually fine for companies to send advertising to your phone or email, it’s a problem (and possibly illegal) when you haven't given your permission for companies to contact you. If you don’t remember giving a company your phone number or email along with permission to communicate with you, you might be the target of spam.
Spam often has a few key characteristics. It might be dishonest, making unfounded claims or taking advantage of a legitimate, trusted company’s identity. Often, spam will attempt to hide the fact that it's advertising. Some popular tactics for hiding advertising include offering fraudulent prize notifications or displaying unscientific medical claims. It's frequently difficult to unsubscribe because malicious spam might not include an "unsubscribe" link (email), "STOP" instructions (text message), or contact information for you to request to be removed from further messages.
Spam filters aren't perfect, and some spam will always get through; however, here are some steps you can take to limit the amount of spam that reaches you.
Seek carrier or email provider protection. Sign up for a carrier or email provider that offers spam filtering or other spam protections. By using the anonymous information about the millions of messages they process, many carriers and email providers are excellent at spotting and blocking spam before it reaches you. Many popular free email providers also offer spam filtering at no cost.
Use multiple email addresses. Use different email addresses for different purposes. For example, keep one email address to communicate with individuals you know and trust (friends, family, colleagues, and so on) and to receive critical messages, like bills. Keep a separate email account for everything else, including social media, mailing lists, contests, and website registrations.
Read the fine print. Before you submit your phone number or email address via an online form, look at the details. By submitting your contact information, you might be consenting to receiving messages from this company or allowing it to share your contact information with other companies. You might need to deselect an automatically checked box.
Avoid posting contact information, when possible. Don’t post your email address or phone number online, such as in the comment section on a blog. In many cases, spammers attempt to automatically search the Internet and harvest these contact points to add to their messaging lists. If you must post your contact information online, consider alternative ways that you could write your email address or phone number. For example, writing “(a)” or “-at-” instead of “@” makes it more difficult for spammers to find addresses using search engines or software programs. For phone numbers, adding an extra space or a symbol in between each number can serve the same purpose (e.g., 5-5-5 or 5 5 5).
Don't engage spammers. If you receive a spam phone call, email, or text message, don't pick up or respond. If you respond to the spam message, it lets the spammer know that they've reached a real person on the other end of the message. Once they identify a real person, they'll often either try to reach you again or resell your number or email to other spammers.
Although it’s impossible to prevent all spam, the more we know about spam activity, the more effective we can be at stopping it. When you send us information about a spam incident or digital threat, we use that information to help target our research and investigations. We
Investigate and document their illegal activities.
Expose the criminal activity to the people who can stop it.
Report the message content and sender (i.e., the spammer) to SpamResponse through our simple form at www.spamresponse.com/report-spam. We investigate every spam report received, and where threats are identified, we go after the spammers and other threat actors responsible, protecting other consumers from being impacted by the threat.
Phishing is a specific type of cyber-crime in which threat actors try to obtain sensitive information—like usernames, passwords, and personal details—that can be used to gain access to targeted data or systems. For instance, phishing attacks can result in identity theft or your online accounts becoming compromised.
Change your passwords. If the information you gave out could be used to gain access to your email or bank account, for example, then you should assume that all of your passwords are compromised. Choose strong passwords that have a mixture of uppercase and lowercase letters and use special characters or symbols, and avoid re-using passwords across multiple online accounts.
Notify appropriate parties (your bank, email provider, IT department) of the theft of your information so that they can help protect your account – and themselves, and report the incident to SpamResponse, so we can go after the threat actors responsible for phishing activity.
Monitor your accounts regularly for signs of suspicious activity.
Selling it, probably. Whoever buys it might try to steal from your account, or they could hold onto the information for a while, waiting to collect more. The more information an attacker has, the more ways they can strike.