Watch For Phishing Scams
Some attacks are not on the computer, but on the computer user instead. A very popular way of attacking the user is "phishing" (pronounced "fishing"). Phishing has become one of the fastest-growing methods of stealing data today. Phishing is a kind of email con game. The idea is to trick you into actually giving away your personal information. Thieves send out millions of phishing emails in the hope that they can "catch" a few unsuspecting users.

This is how it works: You receive an email that is forged to look like it's from a legitimate company, such as eBay or a bank. The phishing email urges you to update your personal information immediately, such as passwords and credit card numbers, often telling you that your account will be closed or canceled if you do not. These emails always contain a link for you to click to complete the update. When you click it, you are taken to a website that seems to belong to the company or bank. Unfortunately, the site is a fake designed to appear as if it were genuine. It may even display forged logos to enhance the appearance of legitimacy. In reality, it is owned and operated by the thief running the phishing scam. If you fill in your information and click "submit," your data is sent straight to the thief. Your browser is then redirected to the real company's site so that you don't suspect a thing.

By sending out large numbers of these phishing emails, the "phisher" can count on a certain percentage of the recipients being "hooked" into entering their information. In one phishing scam in which the emails were forged to look as if they came from a bank, more than 40% of the recipients responded.

There are ways to detect when an email could be fraudulent. Watch your cursor when you point it at a link in an email. If it changes to a hand shape, that is a good indication that the link is not text - a sign that the email itself could be a scam. Phishers will create the website link as a picture. It will look like a proper site address, such as "accounts@ebay.com," but is actually a picture of the word. Behind the picture is the attackers' site address. When you click it, it redirects you to the attackers' website, which is designed to look like the legitimate one. You'll think you're entering your updated data into the legitimate site, but instead you're sending it directly to the thief.

There may be other signs that the email is not legitimate. Look for obvious spelling and grammatical errors. Many phishing schemes originate from outside North America, and the authors are not always fluent in English.
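The picture-link trick described above can also be checked automatically. The following Python sketch is an added example, not part of the original article: it reads the HTML body of an email and reports links that are pictures, or whose visible address differs from the address they actually open. The function names and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Text that looks like a host name, e.g. "www.bank.example"
HOSTLIKE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def norm(host):
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

class LinkAudit(HTMLParser):
    """Record, for every <a href>, the real target and what the reader sees."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._cur = {"href": attrs["href"], "text": "", "image": False}
        elif tag == "img" and self._cur is not None:
            self._cur["image"] = True  # the clickable area is a picture

    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def suspicious_links(html):
    """Return (target_host, reason) for links whose appearance hides the target."""
    audit = LinkAudit()
    audit.feed(html)
    findings = []
    for link in audit.links:
        target = norm(urlsplit(link["href"]).hostname)
        shown = [norm(h) for h in HOSTLIKE.findall(link["text"])]
        odd = [h for h in shown if target and target != h and not target.endswith("." + h)]
        if link["image"]:
            findings.append((target, "link is a picture, not text"))
        elif odd:
            findings.append((target, "shown address " + odd[0] + " differs from target"))
    return findings

# Constructed sample message body (reserved .example names, not real sites)
SAMPLE = """<p>Your account will be closed. Update now:</p>
<a href="http://login.phish.example/update"><img src="cid:link.png"></a>
<a href="http://login.phish.example/update">https://www.bank.example/update</a>
<a href="https://www.bank.example/help">www.bank.example</a>"""
```

Calling suspicious_links(SAMPLE) reports the first two links and passes the third, whose visible address matches where it leads.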
