Imagine this scenario. You get an email that appears to be from your bank. You open it and read a message riddled with misspelled words that direct you to “click the link below.” You click on the link, and are taken to a page that looks almost exactly like the website you’re used to visiting … almost.
You’ve been phished.
Hopefully, this scenario has never happened to you. Or if it has, you recognized the warning signs and knew to stay away. Unfortunately, many people don’t recognize those warning signs, and fall prey to a particularly insidious form of Internet fraud called phishing.
Phishing is defined as “the creation of email messages and Web pages that are replicas of existing, legitimate sites and businesses. These Web sites and emails are used to trick users into submitting personal, financial, or password data. These emails often ask for information such as credit card numbers, bank account information, Social Security numbers, and passwords that will be used to commit fraud.”1 A play on the word “fishing,” (with regular people as the prey, and fake emails/web sites as the bait), the crooks behind phishing like to target the following areas:
- Retail/Service – 29.37%
- Payment Services – 25.13%
- Email – 12.39%
- Social Networking – 6.43%
- Other – 26.68%
People who fall for these scams are often duped into giving out sensitive information, like their Social Security numbers, account passwords, credit card numbers, or even bank PIN numbers. Or, they may be directed to sites that proceed to install malicious software onto their computer or mobile device. Either way, phishing poses a major threat to your finances, your identity, or your data.
Thankfully, phishing is easy to avoid if you follow a few common-sense rules:
- Legitimate banks, retailers, and social media sites should never ask for your personal information via email. If you receive a message from someone asking for this info, assume it’s a scam.
- Furthermore, as a general rule of thumb, do not reply to any message, electronic or otherwise, that requests your personal information.
- Never use links in an email to connect to a website. Open a new browser window and type the site address in directly.
- Always double-check the URL of any site you intend to visit. Some thieves set up sites with URLs that look very similar to a legitimate site. For example, “amzon.com” instead of “amazon,” or “facebok.com” instead of “facebook.” You get the idea.
- When doing business online, look at each website’s address. Secure websites should have a small symbol of a lock next to their URL, or the letters https (instead of merely http) at the beginning of the address. Both the lock and the letter “s” indicate that the site has been verified as secure.
Also, learn to recognize what common phishing messages look like. There are often a few telltale signs:
Dear Costumer,
We have recieved notice that your identity is not secure! This could put your account in danger. To register for a higher lvel of security, simply:
1. Click the link below to open a secure portal to our site
2. Confirm your the owner of the account by answering a few simple questions
If you do not comply with these instructions in 7 days we have no choice but to permanently delete your account.
Sincerely,
Your Bank, Privacy Division
The warning signs aren’t hard to spot. Look for misspelled words (costumer, recieved, lvel, etc.), links to click on (“Click the link below”), threats (“If you do not comply”), and references to a well-known business or organization.
Just remember that by keeping your eyes open and remembering a few common-sense rules, you can protect yourself, your loved ones, and your data from phishing scams. Good luck!