What’s a Phishing Scam?




Phishing scams use fake emails from trusted sources to trick people into giving personal information. Links in the emails lead to fraudulent websites that look real. To protect yourself, don’t give personal information in response to email requests, call the company’s customer service to verify requests, and manually enter website addresses instead of clicking on links. The Anti-Phishing Working Group tracks phishing scams and provides consumer resources.

A phishing scam is identity theft that arrives via email. The email appears to be from a legitimate source, such as a trusted business or financial institution, and includes an urgent request for personal information, usually claiming that an account must be updated immediately. Clicking on a link provided in the email takes you to an official-looking website. The personal information you provide to this site, however, goes directly to the scam artist.

Fraud is a growing problem on the internet as people are tricked into giving up personal information, including credit card numbers, passwords, mother’s maiden name, bank account numbers, ATM access codes and social security numbers. Antivirus protection and firewalls miss most phishing scams because the emails don’t contain suspicious code, while spam filters let them through because they appear to come from legitimate sources.

The links included in phishing scams lead the unsuspecting person to a fraudulent website designed to mimic the real thing, often down to the smallest detail, including copyright notices, submenu titles, and so on. It’s virtually impossible for most people to tell they’re being targeted by a phisher just by looking at the site. However, clues in the address can sometimes reveal deception.

Similar-looking characters may be substituted in the spelling of the link, so that a “1” (numeric one) is used instead of a lowercase “L”. For example, phishers used paypa1.com instead of paypal.com. Other times a numeric IP address is used to hide the fact that the link is not taking the victim to the real site. However, phishing scams have become so sophisticated that phishers can even appear to be using legitimate links, right down to the actual site’s security certificate.
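
The two address clues described above (look-alike characters and numeric IP addresses) can be checked automatically. The following is an added example, not part of the original article; the trusted-site list, the substitution table and the sample links are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: sites the reader really uses; constructed for this example.
TRUSTED = {"paypal.com", "microsoft.com"}

# Look-alike substitutions (illustrative, not exhaustive); multi-character pairs first.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")]


def skeleton(name):
    """Collapse look-alike characters so an imitation compares equal to the original."""
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name


# Trusted names in collapsed form, mapped back to the real spelling.
SKELETONS = {skeleton(d): d for d in TRUSTED}


def link_host(url):
    """Host the browser would actually contact (lower-cased), or '' if there is none."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare "site.com/path" as a host
    return (urlsplit(url).hostname or "").rstrip(".")


def check_link(url):
    """Return (verdict, detail); verdict is trusted, ip-address, lookalike or unknown."""
    host = link_host(url)
    try:
        ipaddress.ip_address(host)
        return ("ip-address", host)
    except ValueError:
        pass  # not a numeric address, so treat it as a name
    # Naive registered domain: last two labels. Real tools use the Public Suffix List.
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return ("trusted", domain)
    imitated = SKELETONS.get(skeleton(domain))
    if imitated:
        return ("lookalike", f"{domain} imitates {imitated}")
    return ("unknown", domain)
```

A "trusted" or "unknown" verdict is not proof of safety: as noted above, some scams use links that appear fully legitimate, so the check complements verifying the request with the company directly.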

The best way to protect yourself from phishing scams is to avoid giving personal information in response to an email request. If the request might be legitimate, call the company’s customer service to verify it before providing any information; do not use any telephone numbers contained in the email. Even if the request is legitimate, manually enter the requested address into the browser rather than clicking on a link, as a phishing scam could conceivably work in conjunction with legitimate activity.

For example, in early April 2005, a mass email that appeared to come from Microsoft Corporation urged recipients to download a long-awaited security update. Those who clicked on the link in the email were directed to a site that appeared to be a legitimate Microsoft update site. Instead of updating their software, however, they were actually downloading a Trojan horse, a remote access program capable of stealing personal information. Microsoft doesn’t use email notification in this way, but many users were caught off guard.

The famous “letter from Nigeria” is another type of phishing scam. This type of scam is so widespread that it has its own name: the 419 scam. The phisher poses as a troubled Nigerian official who requires a US bank account to offload money. The person who allows temporary use of an account is promised a nice reward. Instead, those who provide their banking information become victims of theft.

In the United States, the Federal Trade Commission (FTC) and others have focused on public education to combat phishing scams, as phishers are hard to catch. Fraudulent sites operate for very short periods of time, and scams are often run from other countries. In March 2005, Microsoft filed 117 phishing lawsuits in the Western District of Washington against unnamed defendants.

The Anti-Phishing Working Group (APWG) is an international organization of volunteers who work to track phishing scams. Their website maintains an online database of fraudulent emails sent to them. You can check this site for new scams or send them the phishing email you receive. The APWG is largely an information hub but provides links to consumer resources. The FTC also provides consumer advice and an email address for reporting phishing on its website.



