“Phishing” is a type of internet fraud where someone using an email or instant message tries to get a person to reveal sensitive personal information such as online passwords and credit card details. The most common “phish” attempt is to send an email which purports to be from a well-known internet business, such as online banks, online money transfer processors, IT administrators or social networking websites.
The phishing email will suggest the person give personal details in reply to the email, and often provides a link to a website that looks a great deal like the site it is pretending to be. Often, these emails will contain misspellings with help you spot the difference, but the tell-tale sign of a psish scheme is when the email threatens to shut down your account if you do not reply. Most banks, processors and social websites would never do this through an impersonal email.
Phising schemes require you to respond to them for a phish to succeed. That’s why the term borrows from the word “fishing”, because this type of fraud baits a hook (so to speak) that the victim must respond to.
Victims of this type of identity theft are falling into a trap when they respond to the email or other phishing internet communication. This is easy to do, because the electronic communication can look very official at first glance.
How Do I Avoid Phishing Schemes?
In order to avoid phishing schemes first of all, never respond to an email from a supposed internet company when it comes directly to your email. That is, don’t click reply and respond to that email. Instead, do a Google search for the company which takes you directly to their website. Then contact their representatives directly by initiating the electronic communications, so you can know with confidence you are not giving information to phishers.
Second, never follow a link that is found in an email from a supposed internet company when it comes directly to your email. For instance, if you follow a link back to their fake website and submit a complain about phishing, you are only falling into the phishing scheme’s trap. Instead, Goggle the company you want to contact and communicate with their representatives. When you do so, file a complaint with them about potential phishing schemes in their name.
Spotting Phishing Schemes
There are several ways you can tell you are being phished. Phishes are clever in their attempts to trick you, so you need to know what to look for when spotting phishing schemes.
- Restoring Your Bank Account – Phish schemes try to create anxiety in you for the future of your account with them. They might claim you need to give personal information to “restore access to your bank account”. Do not fall for this trick. Any big corporation you have an account with like Youtube, Paypal or Wells Fargo will already have your information and therefore an attempt to get you to reenter your information is highly dubious.
- Lack of Personal Information – Along those same lines, some large corporation where you are a client is going to have your information, so even their automated emails are going to refer to you by name. Often but not always, a phishing scheme will refer to you as “valued customer” instead of by your personal name. When you get “valued customer” or some variation of that instead of “Ted” or “Mr. Smith”, that’s a sure sign that you are being phished.
- Threats – If an email threatens to cancel your account or membership if you don’t respond to an email, you are being phished. Sites like MySpace aren’t in the business of canceling accounts for failure to respond to an email, while a bank like Bank of America cannot legally suspend your account for failure to respond to an email. (When you place your money in the bank, you literally are loaning that money to the bank. Suspending your account would be akin to that bank stealing your money, and would be highly illegal on their part.) If you get a threat from an unsolicited email, that person is trying to scam you.
- Link Manipulation – Phishers will place a link to their own spoof website with anchor text similar but slightly different from the website they are spoofing. You might get an email that sends you to “paypal.genuine” instead of “paypal” and that kind of trickery. Simply put, do not click on a link in any unsolicited email. If you choose to do and they are asking for personal information like name, birth date or social security number, or if they ask for your credit card number, get out of that site immediately and by all means do not respond to their requests for your information.
- Fake Warnings – Many of these phishing schemers are brazen enough to include warnings about phishing, email fraud and identity theft in their emails. This is just another attempt to appear like the genuine thing, while they are really just setting you up. These emails often will say they don’t ask for personal information, but will instead provide a link to a site that asks for personal information. Just remember, a warning against phishing is no guarantee that the email isn’t a phish.
- Server Authentication Helps, But Isn’t Flawless – “Server authentication” is an internet technology which provides security from some fraud, because it encrypts communications. This rarely helps in the case of phishing schemes, though, because you are giving out your information freely. Just because you have technology on your computer that helps fight fraud, do not falsely assume you are protected against phishing and phishing schemes.
Avoid Phishing Schemes
Remember, it is important for you to avoid phishing schemes. The end result of phishing is to steal your personal information and then commit criminal fraud through identity theft, raiding your bank account and your credit card accounts and leaving you with big debts. So it is highly important you avoid phishers and never fall for their traps. Here are some websites that have been spoofed before. This list is far from complete.
List of Websites Phishing Schemes Have Spoofed
- Papal
- Wells Fargo
- Chase Bank
- Bank of America
- eBay
- YouTube
- MySpace
- Windows Live Messenger
- Yahoo
- Individual Internet Service Providers or ISPs