What Exactly Is A Phishing Scam?

Everyone who has ever been online should, hopefully, know that the internet is packed full of threats, both real and virtual in nature. One of the more common of those threats is phishing, which is, technically, theft via email.

If your email inbox is anything like mine then you probably receive several of these phishing emails each and every day. Experienced people will see them for what they are but the young, the old and those who are new to the internet may well fall prey to phishing emails which appear to be from legitimate businesses and organisations.

‘TRUSTED SENDERS’

Typically, phishing emails are designed to appear as though they have been sent by companies such as eBay and Paypal, by banks or, in other words, by any organisation with which you may have an account that has money in it. Content-wise, phishing emails will usually tell the recipient that there is some reason why they need to update their personal details, such as a ‘security upgrade’. Of course the scammer then thoughtfully provides a link in the email to aid the recipient, and that link will take them to what appears to be a genuine-looking website for whichever company is being used in the phishing scam. When the victim updates his or her personal information on that site they will, in fact, have handed all those details to the phisher.

Phishing scams, much like identity theft, are on the increase, mainly because they have proven to be so successful for those behind them. There are thousands of cases of people giving up valuable information, such as passwords, credit card numbers, bank account numbers, PIN numbers and social security numbers, to the people who have sent them phishing emails.

‘NO AUTOMATED DEFENCE’

For most areas of internet security I would advocate installing anti-virus software and a firewall. Where phishing emails are concerned, however, neither of those will offer any level of protection as there is no malicious or suspect code contained within them. Likewise, phishing emails are unlikely to be blocked by spam filters as they have, by design, been made to appear as though they came from a legitimate source.

Those reasons are exactly why hackers and scam artists are increasingly resorting to phishing attempts.

As mentioned earlier, scam artists behind phishing emails are smart and know how to create emails and websites that look like they are official and from well-known companies or organisations.

Some of the companies used in phishing emails are –

  • Barclays Bank
  • America Online
  • Sony Ericsson
  • Bank of America
  • Wells Fargo Bank
  • Paypal
  • eBay
  • Walmart
  • Chase Bank
  • Best Buy
  • MSN
  • Comcast

Of course that list above is far from exhaustive and just about any institution, financial or otherwise, could be used by these scammers. The fact that those names are so well-known is why they are used by phishers. They are capable of reproducing websites that appear to be totally identical to the originals in every detail.

The only difference between the spoof websites and the real ones is the URL, though the phishers will have done their best to hide that fact by, for instance, using subdomains (e.g. paypal.theirdomain.com) or by using numbers that look similar to letters (e.g. paypa1.com).
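The two URL disguises described above can be recognised by comparing a link's hostname with the domain the company really uses. The following is an added example, not part of the original article; the brand list, the digit-to-letter table and the sample links are constructed for illustration, and the last two hostname labels are assumed to be the registered domain.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): brand keyword -> domain the brand really uses.
KNOWN_BRANDS = {"paypal": "paypal.com", "ebay": "ebay.com"}

# Digits that are commonly swapped in for similar-looking letters.
DIGIT_TO_LETTER = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def classify_link(url):
    """Return 'genuine', 'brand-in-subdomain', 'lookalike-domain' or 'unrelated'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return "unrelated"
    # Simplification: treat the last two labels as the registered domain.
    # A production check would use the Public Suffix List (co.uk, com.au, ...).
    registered = ".".join(labels[-2:])
    if registered in KNOWN_BRANDS.values():
        return "genuine"
    # Case 1: a digit stands in for a letter in the registered name (paypa1.com).
    # This also flags the plain brand name under an unexpected top-level domain.
    if labels[-2].translate(DIGIT_TO_LETTER) in KNOWN_BRANDS:
        return "lookalike-domain"
    # Case 2: the brand appears left of a domain that someone else registered
    # (paypal.theirdomain.com), including hyphenated labels such as paypal-login.
    for label in labels[:-2]:
        if any(part in KNOWN_BRANDS for part in label.split("-")):
            return "brand-in-subdomain"
    return "unrelated"


def audit_links(urls):
    """Map each URL found in an email body to its verdict."""
    return {u: classify_link(u) for u in urls}


# Constructed sample links, using the two spoofed forms named in the article.
SAMPLE_LINKS = [
    "https://www.paypal.com/signin",
    "http://paypal.theirdomain.com/update",
    "http://paypa1.com/security-upgrade",
    "https://example.org/newsletter",
]

if __name__ == "__main__":
    for url, verdict in audit_links(SAMPLE_LINKS).items():
        print(f"{verdict:20} {url}")
```

The part of the hostname that matters is the registered domain at the right-hand end; anything to the left of it is chosen freely by whoever owns that domain.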

HOW TO AVOID PHISHING SCAMS

As mentioned earlier, there is no software-based means of avoiding phishing scams. Therefore, common sense is your best defence – always exercise caution when replying to any email that requests personal information or passwords for online sites that you use. Also, never click on links found in such emails – even if you believe the content of the message is genuine, you should type the company's web address into your browser directly to ensure that you are visiting the correct site.

Here are a few more tips for avoiding phishing scams –

  • If you believe an emailed request for information is genuine then call the company to confirm before entering data on a website
  • If you need to enter sensitive information on a website then look for a padlock in your browser’s status bar to signify that you are on a secure site
  • If you believe that you have fallen victim to a phishing scam then contact the bank, credit card company, etc, immediately so that they can freeze your accounts

Have you got any further tips on avoiding phishing scams?

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Comments

  1. I regularly mark all my junk mail as phishing scams and still get mail from the same source. Does marking it a scam do anything at all?

  2. Trevor says:

    I would imagine most people know what phishing is already but that is an excellent and comprehensive article all the same.

  3. More than 5 million U.S. consumers lost money to phishing attacks during 2008. A recent Gartner survey reported that, of those who received phishing emails and responded, an average of $351 was lost per incident.

    Like you said, common sense is the best defense, but using Web of Trust also helps because even experienced users can fall prey to online scams, rogue software, phishing and other security threats. WOT is frontline protection that warns you about risky sites before you click! It works with the top three web-based email programs – Gmail, Yahoo mail and Windows Live Hotmail – and also when you are surfing and browsing the Web. We even have a video about WOT’s protection against email scams. See it on youtube, http://www.youtube.com/watch?v=JuKS-AIl9Qc

    Please give WOT a try. It’s a free download for Firefox and Internet Explorer.

    Safe surfing,
    Deborah
    Web of Trust

    • Hi Deborah, I just watched the video (nice choice of Pink Floyd for the music btw) and liked the idea of the WOT icons next to links in emails.

      They’d serve as a prompt to stop and think before clicking if nothing else.

      I’ll view some more of your videos and site later to get a better idea of what WOT is all about.
