“Phishing” is a term used to describe a technique criminals use to steal your personal information. Responding to a phishing scam is like handing a burglar the keys to your house! It’s very important for you to learn how to spot phishing email messages and how to lower your risk of identity theft.
How Does a Phishing Scam Work?
A phishing scam tries to trick you into divulging personal identification and security information such as your name, your social security number, passwords, account numbers, etc. Armed with such information, criminals can steal money from your bank accounts, obtain loans and credit cards in your name, and destroy your credit rating!
The Baited Hook
The trick usually arrives in the form of an email message that appears to come from a valid company like eBay, Citibank, or Microsoft. The message often contains graphics and text that look just like the company’s website. This is called “spoofing.”
The message tries to convince you that you must “verify” your personal information. There are many false reasons a phishing scam might use. Here are some examples:
Dear Valued Customer:
Your information must be updated in order to keep your account active. Please login to our site and provide your account number and password to verify your current contact information.
Urgent Security Warning:
Our system indicates your account has been accessed by an unauthorized person. Please provide your credit card number and email address so we can verify you are the valid account holder and reset your security profile.
Additional Information Required:
Because of a change in our policy, you must provide a valid credit card number to keep your account active. If you don't respond within 48 hours, we will close your account for security purposes.
Reeling You In with “Spoofed” Links
“Phishy” email messages usually contain a deceptive link to a phony website where you are supposed to provide the requested information. These “spoofed” links are disguised to make you think they will go to the company’s real website. Instead, they take you to a website designed by the criminals to capture and store your sensitive personal information!
Here’s an example of a deceptive link. Based on the link text, it looks like it’s going to take you to the Hubris Communications Customer Account Manager. But when you hover your mouse over the link, you will see it actually goes to a different site:
Don’t ever follow this type of link! Were you to do so, you would be taking the bait offered by the scam artist. He or she would steal whatever personal information you provided and use it for illegal purposes.
How to Recognize Phony Messages and Phishing Scams
Even though phishing emails contain graphics and text that appear to look legitimate, you can easily spot scams by following these guidelines.
- Never trust messages sent to “Dear Valued Customer” instead of your real name.
- If a bank, credit card company, or other institution really wanted to contact you via email, messages from them would almost certainly be addressed to your real name. Never trust a message requesting personal information if the sender doesn’t even know who you are!
- Never trust messages requesting personal information or “verification.”
- Legitimate businesses never ask you to supply personal information by email. If you have a business relationship with a bank or credit card company, your information should already be on file. There is no legitimate reason you would need to resupply this information.
- Be suspicious of messages which try to make you think you must respond urgently.
- In any kind of scam, fostering a sense of urgency is a common trick. Legitimate businesses never threaten you via email. Urgent and official matters are almost always communicated via regular postal mail... and such matters are always addressed to your real name!
- Hover over suspicious links to see where they really go.
- If a link looks suspicious, hover your mouse over the link and look at the popup address that appears. (Sometimes the address will appear in the status bar at the bottom of the email program.) If the real address doesn’t match the text in the email message, the link is spoofed!
- Log in to important websites by typing the address in your web browser.
- If a suspicious email provides a link for you to log in to a website, don’t click that link. Instead, open your web browser and type the address you’ve used in the past to access your account.