Today's scammers don't have to go dumpster-diving to get your personal information, as they have found a more sophisticated way to lure unsuspecting victims – they go "phishing."
Phishing is a high-tech scam that uses spam to deceive unsuspecting consumers into disclosing their credit card numbers, bank account information, Social Security number, passwords, and other sensitive information. According to the Federal Trade Commission (FTC), phishers send an email that claims to be from a legitimate business or organization, and the message usually asks that the recipient "update" or "validate" his or her account information.
What Is Phishing?
Phishing (pronounced “fishing”) is an online fraud technique used by criminals to entice you to disclose your personal information. Phishers use many different tactics to lure you, including e-mail and Web sites that mimic well-known, trusted brands. The purpose of these fake messages is to trick consumers into providing the following:
- Name and username
- Address and phone number
- Password or personal identification number (PIN)
- Account number
- Credit or debit card number
- Card validation code (the 3-digit number on the back of the card)
How Can You Tell if an E-Mail Message Is a Fraud?
- Requests for personal information in an e-mail message: Most legitimate businesses have a policy that they do not ask you for your personal information through e-mail. Be very suspicious of a message that asks for personal information even if it might look legitimate.
- Urgent wording: Phishing emails almost always try to get you to respond to the message or to click the link that is included. To increase the number of responses, criminals attempt to create a sense of urgency so that people immediately respond without thinking.
- Lack of personalization: Usually, fake e-mail messages are not personalized. As an example, "Dear valued member, it has come to our attention that your account information needs to be updated due to inactive member, frauds and spoof reports. Failure to update your records will result in account deletion. Please follow the link below to confirm your data."
- Fake links: Phishers are getting very sophisticated in their ability to create misleading links to the point where it is impossible for the average person to tell if the link is legitimate or not. It's always best to type in the Web address of the company that you trust, instead of using the link in the email. The link you are urged to click might contain all or part of a real company's name and can be "masked," meaning that the link you see does not take you to that address but somewhere different, usually a faked website.
- Links using an "at" (@) sign: Beware of Web addresses that include the "at" sign. The URL would take you to the location that comes after the "at" sign, not to your trusted site. This is because browsers do not treat anything that comes before the "at" sign as the site's address; they read it as login information and connect to the host named after the sign.
- The message body is an image: To avoid detection by spam filters, fake e-mail messages used in phishing schemes often use an image instead of text in the message body. The message body image is usually a link to a Web page.
- Attachments: Many phishing schemes ask you to open attachments, which can then infect your computer with a virus or spyware. If spyware is downloaded to your computer, it can record the keystrokes you use to log into your personal online accounts and send that information back to the criminal. So be sure not to open attachments in suspicious e-mail messages. Any attachment that you want to view should be saved first, and then scanned with an up-to-date antivirus program before you open it.
- Promises that seem too good to be true: Use common sense and be suspicious when you are offered money or discounts that seem too good to be true.
- Typos and poor grammar: Since many fraudulent emails are mass produced, there is a good chance you will find misspellings and poor grammar. A legitimate business will usually check these items before sending an e-mail to its customers.
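
The "Fake links" and "at"-sign checks above can be automated for an HTML message body, for example in a mail filter. The Python below is an added example, not part of the original article; the function names, the sample message and every domain and address in it are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect the href and visible text of every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self._cur = {"href": href, "text": ""}
    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

# Heuristic: something in the visible text that looks like a host name.
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def norm(host):
    """Lower-case a host name and drop a leading 'www.' before comparing."""
    return re.sub(r"^www\.", "", host.lower())

def check_links(html_body):
    """Return (href, reason) findings for one HTML message body."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for link in parser.links:
        parts = urlsplit(link["href"])
        host = norm(parts.hostname or "")
        if parts.username is not None:  # text before "@" is not the site
            findings.append((link["href"], f"'@' in address, real host is {host}"))
        shown = DOMAIN_RE.search(link["text"])
        if shown:  # masked link: the text names one site, the href another
            name = norm(shown.group(1))
            if host != name and not host.endswith("." + name):
                findings.append((link["href"], f"text shows {name}, link goes to {host}"))
    return findings

# Constructed sample body; every domain and address is a placeholder.
SAMPLE = """
<a href="http://login.example.net/update">https://www.example-bank.test/account</a>
<a href="http://www.example-bank.test@203.0.113.9/verify">Verify now</a>
<a href="https://www.example-bank.test/help">example-bank.test</a>
"""
```

Calling `check_links(SAMPLE)` reports the first two links and passes the third, whose visible text and destination agree.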