Phishing Scams

written by: • edited by: Brian Nelson • updated: 5/4/2009

This article explains how to recognize potential phishing scams.

    Phishing scams deceive you into revealing your personal, banking or financial information. Links in the email send your browser to a look-alike fake website that requests that information.

    Don’t respond to any official-looking email warnings or requests to provide or update account numbers, logon information, account information, banking information, passwords, your address or phone number, or social security numbers from any seemingly reputable company – your bank, retail stores, brokers, the IRS, etc. Never provide any information in an email that you do not want available to strangers. Phishing scams are fishing for your personal information to be used for criminal purposes ranging from removing monies from your accounts to stealing your identity. To check whether the company actually sent you the email, telephone the company directly, or close your email program (don’t click on a link in the email), go to their website in your usual fashion and log on.

    Some phishing scams download and install a keystroke logger program that sends a list of every key you push on your keyboard to a website or email address where the fraudsters collect your private information for illegal distribution and use.

    Don’t reply to the fraudulent email (or to any email) with your private information. Providing the private information requested in the email makes it available for illegal distribution and use.

    A fraudulent pop-up window can appear when you click on a link in the phishing email. This window can look like the legitimate website of a reputable company. The window requests your private information. When you complete and send the form, your information is forwarded to the fraudsters for illegal distribution and use.

    Be cautious when your internet service provider, bank, store, credit union, broker, or any other reputable company seems to ask you to update your personal logon, banking or financial information by clicking on a link. Reputable companies do not ask their customers or clients to update or provide personal information (logon information, passwords, personal identification numbers, account numbers, or social security numbers) through email. Check with the company through a phone call or by logging on to your secure area of their website in your usual fashion in a new browser window.

    Phishing scams are exactly what they sound like – fishing for your personal, banking, account or financial information. These typically result in identity theft. Sometimes these emails have intriguing subject lines like “Account Security Measures”, “Problems with your Account”, “Update from (reputable company)”, “Company Systems Verification Requested”, or “Your Account will be Closed”. Reputable companies also do not address their customers or clients as “user” or “member”. They usually address you by your name. Don't trust e-mail headers because they can be easily forged. The email may say “Citibank” or “PayPal” and carry what looks exactly like the company’s logo, but it is not from the legitimate company. Don’t click on any links in these emails.

    Don’t fill out any forms in emails. You can't be sure where the data will be sent, and the information can make several stops along the way to the recipient. If you click on a website link in an e-mail message from a company, be aware that scam artists are making forgeries of company sites that look like the real thing. Don’t disclose your personal information at these fake websites. Mail Frontier has developed a Phishing IQ Test, at http://www.sonicwall.com/phishing/, to see how good you are at telling phishing e-mails from legitimate e-mail requests for personal information.
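
    The warning signs listed above (alarming subject lines, a “user” or “member” greeting, a form inside the email, links that lead away from the company named as sender) can be checked mechanically. The following Python code is an added example, not part of the original article; the function names, flag names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject-line lures quoted in the article (lower-cased for matching).
SUBJECT_LURES = ("account security measures", "problems with your account",
                 "update from", "verification requested",
                 "your account will be closed")
GENERIC_GREETING = re.compile(r"\b(dear|hello)\s+(user|member)\b", re.I)
LINK_HOST = re.compile(r'<a\s[^>]*href=["\']?https?://([^/"\'\s>:]+)', re.I)

def body_text(msg):
    """Decode and join every text/* part of the message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def same_site(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return bool(domain) and (host == domain or host.endswith("." + domain))

def phishing_indicators(raw_email):
    """Return the article's warning signs found in one raw message."""
    msg = message_from_string(raw_email)
    body, flags = body_text(msg), []
    if any(l in (msg["Subject"] or "").lower() for l in SUBJECT_LURES):
        flags.append("lure-subject")
    if GENERIC_GREETING.search(body):
        flags.append("generic-greeting")
    if re.search(r"<form\b", body, re.I):
        flags.append("form-in-email")
    # The From header is forgeable, so it is only the *claimed* sender:
    # links that leave the claimed sender's domain are a warning sign.
    claimed = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if any(not same_site(h.lower(), claimed) for h in LINK_HOST.findall(body)):
        flags.append("link-leaves-claimed-sender")
    return flags

# Constructed sample message (reserved .test/.example names, not real traffic).
SAMPLE = '''From: "Example Bank" <service@examplebank.test>
Subject: Your Account will be Closed
Content-Type: text/html; charset="utf-8"

<p>Dear member,</p>
<p><a href="http://examplebank.test.login-verify.example/update">Update now</a></p>
<form action="http://login-verify.example/collect"><input name="pin"></form>
'''

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

    An empty result does not mean a message is safe; these checks only cover the signs named in this article.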

    One phishing technique, used by spammers, is the blank email (no text message and no suspicious link). When you open the blank email to read it, a script automatically installs to do whatever the sender wrote in the script. One script does nothing until you try to do your banking online. It then typically does one of two things: either it redirects your browser to a fraudulent website or it allows you to do your banking but discreetly sends your personal information to a predetermined email or website address. Either way you can be the victim of identity theft. For a quick review about scams, read this article.