Email: A Scammer’s Favorite Tool
Avoid clicking suspicious links
If an email pressures you to click a link — whether it’s to verify your login credentials or make a payment, you can be sure it’s a scam. ESSA will never ask you to do that. It’s best to avoid clicking links in an email. Before you click, hover over the link to reveal where it really leads.
Raise the red flag on scare tactics
ESSA will never use scare tactics, threats, or high-pressure language to get you to act quickly, but scammers will. Demands for urgent action should put you on high alert. No matter how authentic an email may appear, never reply with personal information like your password, PIN, or social security number.
Be skeptical of every email
In the same way defensive driving prevents car accidents, always treating incoming email as a potential risk will protect you from scams. Fraudulent emails can appear very convincing, using official language and logos, and even similar URLs. Always be alert.
Watch for attachments and typos
ESSA will never send attachments like a PDF in an unexpected email. Misspellings and poor grammar are also warning signs of a phishing scam.
What to do if you fall for an email scam:
- Change your password if you clicked on a link and entered any personal information like your username and password into a fake site.
- If you lost money, file a police report.
- File a complaint with the Federal Trade Commission or call 1-877-FTC-HELP (382-4357).