What is a phishing scam?

A phishing scam is an identity theft scam that arrives via email. The email appears to come from a legitimate source, such as a trusted company or financial institution, and includes an urgent request for personal information, often invoking some critical need to update an account immediately. Clicking on a link provided in the email takes you to an official-looking website. The personal information provided on this website, however, goes directly to the scammer.

Phishing scams often target personal information such as your social security number.

Fraud is a growing problem on the Internet as people are tricked into giving out personal information, including credit card numbers, passwords, mother’s maiden name, bank account numbers, ATM passwords and social security numbers. Antivirus software and firewalls miss most phishing scams because the emails don’t contain suspicious code, while spam filters let them through because they appear to come from legitimate sources.

Computer viruses can be part of a phishing scam.

The links included in phishing scams take the unsuspecting person to a fraudulent website designed to mimic the real thing, often down to the smallest details, including copyright notices, submenu titles, and so on. It’s virtually impossible for most people to know they’re a phisher’s target just by looking at the site. However, clues in the address can sometimes reveal the deception.

Phishing scams may attempt to obtain credit card information for fraudulent purchases.

Similar-looking characters can be substituted for the real ones in the spelling of the link, so that a “1” (numeral one) is used in place of a lowercase “L”. For example, phishers used paypa1.com instead of paypal.com. Other times, an IP address (a numeric address) is used to hide the fact that the link is not taking the victim to the real website. However, phishing scams have become so sophisticated that phishers can also appear to be using legitimate links, even the security certificate of the actual website.
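The two address clues described above, a look-alike character such as “1” for “l” and a bare IP address as the host, can be checked mechanically. The following is an added example, not part of the original article; the allowlist, the substitution table and the function names are assumptions, and it folds a few character swaps beyond the article's single example.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the brands a mail gateway wants to protect.
TRUSTED_DOMAINS = {"paypal.com", "microsoft.com"}

# Digits often swapped for a similar-looking letter (assumed, not exhaustive).
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})


def skeleton(domain):
    """Fold look-alike characters so 'paypa1.com' and 'paypal.com' compare equal."""
    folded = domain.lower().translate(LOOKALIKES)
    return folded.replace("rn", "m").replace("vv", "w")


def check_link(url):
    """Return 'ip-address', 'lookalike:<domain>', 'trusted' or 'unknown'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)  # numeric host hides the real destination
        return "ip-address"
    except ValueError:
        pass
    # Simplification (assumption): the registered domain is the last two labels.
    # Production code should consult the Public Suffix List instead.
    registered = ".".join(host.split(".")[-2:])
    if registered in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        if skeleton(registered) == skeleton(trusted):
            return "lookalike:" + trusted
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, as they might be extracted from an email body.
    for link in ("https://www.paypal.com/signin",
                 "http://www.paypa1.com/update",
                 "http://192.0.2.10/paypal/login",
                 "https://paypal.com.account-check.example/"):
        print(f"{check_link(link):22} {link}")
```

A result of “unknown” only means neither clue fired; as the paragraph above notes, a phishing link can look entirely legitimate.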

The best way for someone to protect themselves from phishing scams is to avoid providing personal information in response to an email request. If the request seems legitimate, the company’s customer service department should be called to verify it before any information is provided; phone numbers contained in the email, if any, must not be used. Even if the request is legitimate, one should manually type the required address into the browser rather than clicking on a link, as a phishing scam can run concurrently with legitimate business.

For example, in early April 2005, a mass email that appeared to be from Microsoft Corporation urged recipients to download a long-awaited security update. Those who clicked on the link in the email were directed to a site that looked like a legitimate Microsoft update site. Instead of updating the software, however, they were actually downloading a Trojan horse – a remote access program that can steal personal information. Microsoft does not use email notification in this way, but many users have been caught unaware.

The famous “letter from Nigeria” was another type of phishing scam. This type of scam is so common that it has its own name: the 419 scam. The phisher pretends to be a Nigerian officer in distress who needs a US bank account to offload money. The person who allows the temporary use of their account is promised a nice reward. Instead, those who provide their banking information become victims of theft.

In the United States, the Federal Trade Commission (FTC) and other institutions have focused on public education to combat phishing scams, as phishers are difficult to catch. Scam sites operate for very short periods of time, and scams are often carried out from other countries. In March 2005, Microsoft filed 117 phishing lawsuits in the Western District of Washington against unidentified defendants.

The Anti-Phishing Working Group (APWG) is an international organization of volunteers working to track phishing scams. Its website keeps an online database of fraudulent emails submitted to it. You can check this site for new scams, or send it phishing emails you receive. The APWG is largely an information hub, but it does provide links to consumer resources. The FTC also has advice for consumers, and an email address for reporting phishing, on its website.

The so-called Nigerian scam is believed to have originated in the African nation in the 1970s.
