Skip to main content

Be wary of "phishing" emails

Think before acting on an email that seems suspicious.

What's a "phish"?

Phishing emails—fraudulent messages sent to hundreds of thousands of e-mail addresses to "fish" for personal information—prey on people's natural tendencies to react quickly. Criminals are hoping their targets will disclose personal information because they're trying to do too many things at once or they genuinely believe there's an issue they need to address.

The typical phishing email instructs the recipient to click a link that opens a fake website that collects the recipient's name, Social Security number, account number, password, and other information. Other phishing emails may be trying to get you to install "malware" on your computer, software that could take over your computer and steal your online credentials.

Criminals will send hundreds of thousands of emails, hoping to catch unsuspecting people. That's why, for example, you may get emails saying your password is about to expire on a site you don't use. And, because of the largely anonymous nature of the internet, it's difficult, if not impossible, to catch these criminals in the act.

The bottom line

Vanguard doesn't send unsolicited emails asking for personal information.

If you receive a message claiming to be from Vanguard requesting your private information, please forward it to phish@vanguard.com immediately.

Make sure to let us know if you clicked any of the links in the message and/or entered your personal information on a website.

How to help verify if an email is a phish

Vanguard emails come from vanguard.com, e-vanguard.com, evanguard.com, or vanguardinvestments.com.
If an email isn't from one of those addresses, it's not from us. However, trusted third parties with established relationships with Vanguard may send emails about our services, including investordelivery.com and proxyvote.com.

We won't send emails with logon links or attachments unless you're expecting such an email from us based on a conversation with one of our crew members.

Before you click a link in any email, try to verify its authenticity.
Hover your mouse or pointer over the link. Some email scammers put "vanguard.com" in phony links to make the links seem legitimate. Unless "vanguard.com" is immediately followed by a slash ("/"), there's a chance it's invalid. If you're uncertain, it's best not to click.

Don't hesitate

Above all, contact us immediately if you suspect someone is trying to access your Vanguard account fraudulently.

Have you been phished?

If you receive a message claiming to be from Vanguard requesting your private information, please forward it to phish@vanguard.com immediately.

RELATED LINKS