Falling prey to a phishing scam is a scary thought; no one wants their identity stolen. How can you learn to tell the difference between legitimate emails and scams?
You’re probably wondering, first off, where that strange name comes from. As the Webopedia Computer Dictionary says at the tail end of its “phishing” definition:
Phishing, also referred to as brand spoofing or carding, is a variation on “fishing,” the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.
Wikipedia.org, however, goes into a bit more detail about how and why phishing scams work:
In computing, phishing (also known as carding and spoofing) is a form of social engineering, characterised by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message. The term phishing arises from the use of increasingly sophisticated lures to “fish” for users’ financial information and passwords.
Some of the most common phishing scams around are the PayPal and eBay ones – everyone should know by now that any email purporting to come from these two companies which requires you to sign on via a link in the email is anything but legit. But what about those that come from your specific credit card company, bank, or another company you do business with?
There is one word of advice I can give you – one thing you can always remember when trying to decide if an email is fake or legit – you can be sure that companies, financial institutions, and credit companies will NEVER ask you for your account information via email!!
That bears repeating and further clarification: ANY EMAIL THAT ASKS YOU TO “SIGN-ON” FROM THE EMAIL, THEREBY HAVING TO TYPE IN YOUR ACCOUNT NAME AND/OR PASSWORD, IS NOT LEGIT!!
If you have any concerns about whether the email in front of you is the real deal, and you worry your account may be suspended or canceled (as many of them threaten to do to “scare” you into giving up your info), open a new browser window and type the URL of the company/institution into the URL bar. Go directly to the site – never click on the links given in the email. You could also call the company/institution in question and ask them if there is anything amiss with your account, and if they have tried to contact you.
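The rule above (a link plus a request to sign on means the email is not legit) can be written as a rough mail check. This Python sketch is an added example, not part of the original article; the keyword lists, the `assess` function and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Assumed keyword lists for illustration; tune them for real mail.
LOGIN = re.compile(r"\bsign[\s-]?(?:on|in)\b|\blog[\s-]?(?:on|in)\b|password", re.I)
THREAT = re.compile(r"suspend|cancel|deactivat", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def body_text(msg):
    """Decode and join every text/* part of the message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def assess(raw_email):
    """Flag mail that both carries a link and asks the reader to sign on."""
    text = body_text(message_from_string(raw_email))
    collector = LinkCollector()
    collector.feed(text)
    # Merge <a href> targets with bare URLs found in the text.
    links = sorted(set(collector.links) | set(URL.findall(text)))
    asks_login = bool(LOGIN.search(text))
    return {"links": links, "asks_login": asks_login,
            "threatens": bool(THREAT.search(text)),  # scare tactic present
            "suspicious": bool(links) and asks_login}

# Constructed sample messages (not real mail).
PHISH = ("From: Example Bank <service@example.test>\n"
         "Subject: Account notice\nContent-Type: text/html\n\n"
         "<p>Your account will be suspended. "
         "<a href=\"http://example.invalid/verify\">Sign on here</a> "
         "and confirm your password.</p>")
NEWSLETTER = ("From: News <news@example.test>\nSubject: March issue\n\n"
              "Our March issue is out: https://example.test/march\n")

if __name__ == "__main__":
    print(assess(PHISH), assess(NEWSLETTER), sep="\n")
```

Keyword matching like this only approximates the rule, so treat a "suspicious" result as a prompt to go to the site directly or call the company, as described above.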
Even for a seasoned veteran like myself, spoof emails are very difficult to spot. Take this great Phishing IQ Test offered by MailFrontier. I got less than half right – and I know what to look for!
Remember the simple rule of thumb given above (no clicking on links in emails, companies won’t ask for personal/account info via email) and you should be okay – even if you (like me) failed the Phishing IQ Test!
The best protection – always – is to be informed. Learn as much about phishing and pharming as you can – stay abreast of the latest attacks and most common spoof emails in circulation. And, always, be wary of giving out your personal and account information online!