Most everyone knows that when you go fishing, you use bait – a worm or smaller fish, for example– to attract your prey and get them onto your hook. Criminals who go “phishing”, on the other hand, usually use your trust (as well as play to the natural human feelings of urgency, fear or curiosity) to lure YOU onto their hook . Unless you know what to look out for, you can easily be reeled right into their scheme. And then they’ll have you hook, line and sinker. (Sorry; the wordplay with this topic is simply too hard to resist!)
What is phishing?
Defined, phishing is a method of deceptive data retrieval where legitimate-looking imposter messages encourage people to willingly give up sensitive data. A phishing scam usually provides a link to a bogus website where the end-user is asked to enter sensitive account information. The site may request that you to provide your social security number, tax ID or bank account information. Many hackers are adept at HTML design and Web programming, so they can easily fool an end user with an untrained eye. Company logos are very easy to duplicate, making these messages appear legitimate at first glance.
What do I need to look out for?
The good news is that (at least for now) there are a few telltale signs that give these scams away:
- Because phishing emails are usually sent out to many people at once, they often lack personal greetings. For instance, you can rest assured Bank of America would not send you an email regarding an important issue with your account with the greeting, “Dear Customer.”
- Because many phishing attacks come from non-English-speaking countries, pay close attention to grammar and spelling errors. You are unlikely to find those kinds of mistakes in messages coming from reputable companies and organizations.
- If you receive a suspicious email, hover over the sender’s address and take careful note of the domain name that pops up. Lazy hackers can give themselves away with URLs that look like complete nonsense. Smart hackers purchase domain names that are subtle variations of legitimate URLs, so you will need to look for minor misspellings.
- Also, you can hover your cursor over any links they’ve provided and expect you to click on, and you will likely see suspicious-looking URLs there as well.
- Be wary of attached files; financial institutions will rarely, if ever, send these to their customers. If the message has an “.exe,” “.scr,” “zip” or “.bat” file attached, consider that a red flag and don’t open it!
- Be suspicious of anything that seems too good to be true. You get an email promising free money if you just “confirm” a few bits of personal information (“just by clicking on this link”, of course). There’s no money to be given. Only to be taken…from you!
- Conversely, so not trust messages that seem threatening and require you to take urgent action. Particularly if the action (again) involves clicking on a link. If you worry you may actually have a problem with an account, for example, go to the company’s website on your own via your browser, not by using their suggested method of doing so.
I think I’m being “phished”! What do I do?
Much of the answer to this question lies in what NOT to do. If you suspect an unscrupulous email based on the subject or sender alone, simply do not open it and delete it right away. In some cases, just opening the message may cause you to compromise personal information. If, however, it is already opened, do not click on any links or download any attachments, and do not reply to the sender. Consider contacting the legitimate organization you believe is being “faked” and let them know. They will welcome the information because it gives them a chance to protect the assets and identities of their customers.
And finally, do the obvious: Delete that message once and for all! Because you’ve certainly got more important things to do, or I should say, bigger fish to fry. (Sorry, just had to cast one more out there. But now I’m fin-ished… Reely.)