A common starting point for many scams is by email. Criminals know you're overloaded with messages and seize the opportunity to catch you off guard. They send their email into the flood already entering your inbox, hoping you'll open it distractedly.

These fraudulent phishing emails claim to be from legitimate organizations (e.g., Amazon, eBay, personal banking) but contain links to bogus websites that often mimic popular online retailers, where you are asked to enter your email, password, and other sensitive information. Some messages may also include malicious attachments intended to infect your computer or devices.

A newly identified imposter scam involves a phishing email that leads to vishing or a "voice phishing" attack, designed to trick you into contacting a cybercriminal and giving up your credit card number and other personal details. As with all suspicious email, take the time to investigate:

• Check the sending address. It could be sent from a faked or compromised account.
• Confirm links by hovering over them to reveal the URL before you click.
• Never open links or attachments from untrusted or unexpected sources.
• Watch out for email targeted to stir your emotions. Criminals try to knock you off balance with threats, a false sense of urgency, or a deal that's too good to be true.
• Check the Phish Bowl and report suspected fraud to the IT Security Office.

Learn more about how to protect yourself from vishing and other scams with these helpful videos from the National Cybersecurity Alliance:

• What Is Vishing?
• What Are Vishing, Smishing, and Phishing?