Define Phishing

In order to catch some fish, you must first have some bait. The same goes for computer phishing. The term phishing means a fraudulent attempt to get a person's private information (e.g. username, password, account numbers, etc.). Phishing messages are usually sent via email: phishers pretend to be from a legitimate company and 'bait' you into clicking on a link to a false website. Basically, they are 'fishing' for people's information to use illegally. Phishing is a very sophisticated scam and many individuals and companies have been fooled, resulting in the theft of their sensitive information as well as millions of dollars every year.

How Does Phishing Work?

Although there have been cases of phishing by phone, it is overwhelmingly conducted by email. The email is usually designed to look like it is sent from a real company, such as a bank, online retail store, or credit card company. The 'bait' for personal information is often contained in the email's subject line, which usually conveys a sense of urgency. For example, "your account needs to be verified" or "your account is about to be suspended."

Successful phishing attempts result in an individual clicking on the supplied link within the email. Once forwarded to a fake website (which closely resembles the legitimate site), the person is prompted to enter personal details. After this is done, the phishers use the personal information to steal the person's identity and/or money from their account.

More sophisticated phishing scams have involved trying to hack into a company's computer network. Emails are sent to employees asking them to update their usernames and passwords. Phishing attacks have affected well-known companies and their customers, such as eBay, Bank of America, and PayPal.

Recently even social networking sites have fallen victim to phishing. Facebook members have received an email purportedly from Facebook, and after they enter their login details (on a replica of the Facebook homepage) the phishers use the information to send the same email to the person's friends. The email looks like it is coming from the Facebook member and has contained the subject line, "Check this Out" or simply "Hello." As you can imagine, such access to social network members can be used in any number of ways, such as infecting computers with viruses and spyware and/or stealing identities.

How to Avoid the Bait

There are ways to prevent being phished. Although some phishing attempts can be highly targeted, there are key aspects to be aware of that can help you avoid being a victim.

  • Never click on a link within an email requesting that you enter your username, password, credit card number, etc. The link itself can also be malicious and install spyware onto your computer.
  • If you have any doubts about whether an email is real, contact the company directly to double check.
  • Do not open any 'fishy' emails, such as emails that have misspellings, poor graphics, or a long cc list of other email addresses. Delete them immediately.
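
The warning signs described above (an urgent subject line, a request for account details, a link to another site, a long cc list) can also be checked automatically, for example when sorting through reported messages. The Python code below is an added example and not part of the original article; the function names, the cc threshold of 10 and the sample message are assumptions made for illustration, and it goes slightly beyond the text by comparing each link's host with the sender's domain.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Urgency phrases taken from the subject lines quoted in this article.
URGENT = re.compile(r"needs? to be verified|about to be suspended", re.I)
CREDENTIAL_WORDS = re.compile(r"username|password|credit card|account number", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
MAX_CC = 10  # assumed threshold for a "long cc list"

def host_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw_email):
    """Return the article's warning signs found in one plain-text message."""
    msg = message_from_string(raw_email)
    found = []
    if URGENT.search(msg.get("Subject", "")):
        found.append("urgent-subject")
    if len(getaddresses(msg.get_all("Cc", []))) > MAX_CC:
        found.append("long-cc-list")
    body = msg.get_payload() if not msg.is_multipart() else ""  # plain text only
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    hosts = {urlparse(u).hostname or "" for u in URL.findall(body)}
    off_domain = sorted(h for h in hosts if not host_matches(h, sender_domain))
    if off_domain:  # a link leads somewhere other than the claimed sender
        found.append("link-outside-sender-domain")
        if CREDENTIAL_WORDS.search(body):
            found.append("credential-request-with-link")
    return found

# Constructed sample message; all domains are reserved example names.
SAMPLE = """\
From: "Example Bank" <support@bank.example.com>
To: user@example.org
Cc: {cc}
Subject: Your account is about to be suspended

Please confirm your username and password at
http://bank.example.com.login.example.net/verify
""".format(cc=", ".join(f"user{i}@example.org" for i in range(12)))

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

The link in the sample begins with the bank's name but actually belongs to a different domain, which is why only the end of the host name is compared. A message with none of these signs is not proven safe, so the manual checks in the list above still apply.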

Other Preventative Measures

Here are some tips to help yourself and others limit the effects of phishing:

  • If you suspect an email is a phishing attempt, contact the company directly. The sooner they know, the quicker they can alert others and stop the scam.
  • Make sure that you have a unique username and password for each account/website you regularly visit.
  • Install anti-spyware software and/or a browser that alerts users to phishing websites.

Additional Resources

To read more about phishing, you can visit the following websites:

  •  Webopedia has an "All About Phishing" section
  •  Microsoft has some helpful tips on avoiding email scams