What is Phishing?
Phishing is the act of masquerading as an online entity (a business, bank, or other legitimate institution) in order to obtain credit card numbers, usernames, passwords, and other sensitive data. This is usually done through email.
To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site, but it actually takes you to a phony scam site or possibly a pop-up window that looks exactly like the official site. These copycat sites are also called "spoofed" Web sites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the con artists.
The term phishing is a variant on the word fishing; identity thieves dangle something like a fraudulent email and wait for the gullible to take the "bait" and provide things like credit card numbers and important passwords. The ph beginning was picked up from a telephone systems hacking practice referred to as phreaking.
Concerns for Parents
- Most phishing attempts are not directed at children. Most youngsters don't have credit cards, don't have large bank accounts, and don't even know what a Social Security number is. Since phishers are out to make money, they are going to go for adults and older teens.
- If you fall for a phishing email and give a fraudulent source sensitive information, your identity will be stolen and could be used to make large purchases, open false bank accounts, launder money or commit other crimes. Credit scores and financial reputation can be seriously scarred by identity theft. In addition to costing you hundreds or thousands of dollars, identity theft issues may take weeks or months to sort out.
How Can I Stay Safe?
- Be sure your email account has a good spam filter. The easiest way to avoid phishing emails is to never even see them. Set email preferences to filter out unwanted email so that you don't have to determine which emails are legitimate and which are not on a case-by-case basis.
- Don't give any personal information out in response to an email. Businesses should never ask you to send Social Security numbers, passwords, usernames, or other private information through e-mail.
- Don't click on links in suspected emails; these are usually fraudulent. Instead, go to the company's home page yourself by typing the true address into the address bar.
- Don't click on images in suspected emails. They could have hidden scripts which try to access your bank account.
- Be able to recognize phony emails.
  - Look for your name. Odds are, you are addressed as "Dear Valued Customer," or something similar. Phishing emails are sent to thousands of recipients at a time, so a generic greeting is a clue that an email is bogus.
  - Look at the sender's email address. Is your email from "Wells Fargo" sent from [email protected]? A fake-sounding email address is a red flag that your email is from a fraudulent source.
  - Look at the spelling and grammar in the email's text. Many phishers are from countries outside of the U.S., and their English may be broken, awkwardly worded, or riddled with misspellings.
  - Look for phony links. These are usually "masked," meaning the text in the link doesn't match the actual link. The actual link is displayed in the bottom-left of the browser when you hover over the link.
- Watch out for suspicious links on Web pages, too—not just on emails. These are not as common as the email variety but they are out there. Pay attention to the URL in your address bar before you type in your log-in password or other important information. If the address isn't the usual one, you may be looking at a fake Web page designed to collect everything you type for criminal purposes. For example, if the Facebook log-in page doesn't have the plain old "http://www.facebook.com" in the address bar, you're probably on a fake site. Most legitimate sites have slightly crazy-looking addresses at some point, but keep an eye out for obvious differences.
Where Can I Learn More?
- Video on how Phishing works and how to prevent it!
- HowStuffWorks.com tells you how the whole racket operates.
- This site gives an example of a widely-distributed phishing email that claimed to be from eBay. It highlights all the indicators that it is a bogus message and gives additional tips for recognizing phishing.
- Read Microsoft's guidelines for recognizing phishing emails.
- Watch this YouTube video to see how phishing works
- Report all suspected phishing attacks to your email provider. This makes their filter stronger.
- If you have fallen victim to phishing, here's what you can do.