What is phishing?
While phishing is starting to show up in many different forms, basically it's the practice of tricking someone on the Web in order to retrieve their sensitive personal information: passwords, banking information, etc.
Most often, phishing takes the form of fraudulent emails that ask you to "confirm your password", or "verify your account", or "confirm your identity." You might've gotten an email (we all have!) that had this wording in it; I just pulled this out of my email spam filter:
"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
"During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
How do I know it's a phishing scam?
There are a couple of different ways that you'll be able to spot a phishing scam right off the bat.
- A phishing scam will ask you for personal information. Any email that you get from a reputable institution - eBay, banks, Amazon, etc. - will NEVER, ever, ever, EVER ask you for your password or your personal security information. Period. Email is not an absolutely secure medium for transporting that kind of information (yet) and there's no good reason that any company would be asking you for that info. In fact, most reputable companies will have this tagline: "(insert company name here) will never ask you to give us your personal or billing information."
- A phishing email, if clicked, will open up to an insecure site. Every site that uses security encryption will have the HTTPS protocol at the beginning of the URL. Did I lose you? No problem - just read my article titled What is HTTPS?. The HTTPS is a great way to instantly identify a phishing scam - no matter how legit the website may look, if it doesn't have the HTTPS at the beginning of the URL, it's not for real.
- Misspelled words in the site's URL address. A quick tip-off that a phishing scam is underway is if the name of the site is misspelled in the site address; for example, www.gooogle.com.
- Personal information asked for via the phone. A very slick phishing scam I've seen: you'll get an email from your banking institution, asking you to call a "secure" number in order to confirm your account number, billing address, or other personal information. This is NOT a legitimate request.
- Generic greeting in the phishing email. One subtle way to detect a phishing attempt is to check if you're personally identified in the email content. For instance, if eBay ever contacts me, they're going to identify me by my eBay user ID, not "Dear eBay Customer."
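The five tips above are really a checklist, and a checklist can be run by a program. The Python below is an added example, not code from the original article: it scans a message for the signs the list describes (a request to "confirm" or "verify" account details, a link that is not HTTPS, a link domain that is a near-misspelling of a name you trust, a request to phone a "secure" number, and a generic greeting instead of your user ID) and returns the reasons it found. The sample messages, the user ID `jdoe_1999`, the trusted-domain list and the `555-0100` number are all constructed for the demonstration. One caveat the code makes explicit: the HTTPS check is only one indicator, so a message with an HTTPS link is not cleared by that alone, and the misspelled-domain check is done with a simple edit-distance comparison against domains you actually use.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages (not real emails), used to exercise the checks.
SAMPLE_PHISH = """Dear eBay Customer,

We suspect an unauthorized transaction on your account. To ensure that your
account is not compromised, please click the link below and confirm your
identity and password: http://www.gooogle.com/secure/login
"""

SAMPLE_PHONE = """Dear Customer,

We could not verify your billing address. Please call our secure number
at 555-0100 to confirm your account.
"""

SAMPLE_LEGIT = """Hello jdoe_1999,

Your order has shipped. Track it at https://www.example.com/orders/12345
"""

# Hypothetical list of domains this recipient actually does business with.
TRUSTED_DOMAINS = {"google.com", "ebay.com", "amazon.com", "example.com"}

# "Dear Customer", "Dear eBay Customer", "Dear valued member", ... at a line start.
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(?:\w+\s+){0,2}(customer|member|user|client)\b", re.I | re.M)
# "confirm ... identity", "verify ... account", "update ... information" ...
CREDENTIAL_REQUEST = re.compile(
    r"\b(confirm|verify|update)\b.{0,60}\b(password|identity|account|information)\b",
    re.I | re.S)
# "call our secure number", "call this line" ...
PHONE_CALLBACK = re.compile(r"\bcall\b.{0,40}?\b(?:secure\s+)?(number|line)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Naive 'last two labels' of a hostname (does not handle co.uk-style suffixes)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def lookalike_of(domain, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain this one imitates (within 2 edits), or None."""
    if domain in trusted:
        return None
    for t in trusted:
        if edit_distance(domain, t) <= 2:
            return t
    return None


def phishing_indicators(message, user_id=None, trusted=TRUSTED_DOMAINS):
    """Apply the article's checklist and return a list of human-readable reasons."""
    flags = []
    if CREDENTIAL_REQUEST.search(message):
        flags.append("asks you to confirm/verify account or password details")
    if GENERIC_GREETING.search(message):
        flags.append("generic greeting instead of your user ID")
    elif user_id and user_id not in message:
        flags.append("does not address you by your user ID")
    if PHONE_CALLBACK.search(message):
        flags.append("asks you to phone a number to give personal information")
    for url in URL_RE.findall(message):
        parsed = urlparse(url)
        dom = registrable(parsed.hostname or "")
        if parsed.scheme.lower() != "https":
            flags.append(f"link is not HTTPS: {url}")
        imitated = lookalike_of(dom, trusted)
        if imitated:
            flags.append(f"link domain {dom!r} looks like a misspelling of {imitated!r}")
    return flags


if __name__ == "__main__":
    for name, msg in [("phish", SAMPLE_PHISH), ("phone", SAMPLE_PHONE), ("legit", SAMPLE_LEGIT)]:
        print(name, phishing_indicators(msg, user_id="jdoe_1999"))
```

Run against the three constructed samples, the first message trips four checks (credential request, generic greeting, plain-HTTP link, and `gooogle.com` as a one-edit misspelling of `google.com`), the second trips the greeting, credential and phone-callback checks, and the legitimate shipping notice trips none. An empty result is not proof a message is safe; it only means none of these particular signs were present.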
How do I avoid phishing attempts?
Be Critical: For starters, you'll want to get very skeptical of any emails sent to you that ask for your personal information. If a bank or other company really needs to get hold of you to verify something, they'll most likely send it in writing or via a secure email. Make sure you familiarize yourself with the above phishing ID tips so you won't get caught.
Be Protected: While researching this article, I opened up a phishing email in my spam filter and clicked on the "secure" site. Instantly, my Google toolbar went crazy on me, threw a security warning and a big red emergency button in my URL address bar, and grayed out my browser window! That's the kind of protection you need to have, and here's how you can get it: