Friday, August 7, 2009

Gone Phishing (How to catch a phishing scam)

No, I didn't misspell the word fishing. Phishing is a term defined by Wikipedia as:

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
Electronic communication most commonly means email. Phishers will generally pose as an important institution of some sort: for example, banks and credit unions, online merchants (PayPal), federal resources, etc. In my own experience I have received emails from banks I didn't even have accounts with.

So how do you identify if a predator is phishing for your information? Here are some signs you can look for.
  1. Your information is at risk! - An email telling you that you need to log in and verify your information because someone else has posed as you is a good sign of a phishing attempt, especially when it provides you with a link where you can go to log in. Every important institution you're a client of has several ways of getting hold of you and, in return, of identifying itself. If something as important as your identity is really at risk, the institution will likely call you and explain the situation and your options. They will never send something as casual as an email. If you are still unsure, take the extra effort to look up the number (not the one given in the email), pick up the phone and call them. Someone on the other end of that phone is going to be able to assist you or direct your call.
  2. Click here to update your account information. - As a general rule, never click links in an email you're unsure about. If you need to update personal information, open a new browser window and manually enter the correct URL in the address bar. This ensures that you will be where you should be and that you can securely log in, handle any disputes and update your information. Many times the link provided in an email will look like this: www.bankname.com, but it is a hyperlink. This means that even though the link shows your bank's name, that isn't necessarily where it will take you. If you mouse over the link, you might even be able to see where it would actually take you. More often than not, these links lead to a page that looks like your bank's (or other business's) website. The links on this page will refer you back to the actual bank's website, so they look legit, but in your URL bar you will notice it is not the right URL for your bank. The URL will be pointing to a server in some other country and therefore will probably be composed of random words, letters, and numbers.
These are two big ways to spot a phishing scam and avoid it. More signs will come soon. If you have any other suggestions, please post them in the comments below, thanks.
