Phishing, pronounced like “fishing”, is where a malicious website is set up in order to trick users into divulging personal information such as login credentials, credit card, banking, or other private information. These websites can look very convincing, mimicking a bank website, a credit card website, or even a social media login page. The website is meant to fool the user into divulging private information. Many of the sites will actually take in the information that is typed into the form and then send the user over to the real login website, so that the user thinks they just didn’t type their login information correctly and never realizes that they just gave away their personal information to a scammer.
Most phishing starts via the email inbox. Compromised email accounts will send out hoax emails that contain links to phishing websites that try to mimic a legitimate website. The messages will vary, such as faux emails about “A Recent Money Transfer”, “Account Overdraft Notice”, “Urgent Message from your Bank”, or something like “Your recent purchase at eBay”. Some of the emails even appear very realistic, and oftentimes contain logos and colors that the actual company uses. The emails almost always contain links that take the user to a phishing website where their personal information is “fished” right out of the unsuspecting victim’s head. Always be on the lookout for suspicious emails that don’t seem legitimate, or possibly don’t make sense.
In order to avoid this scam, always be sure that you are on a legitimate website domain. Check the URL bar for inconsistencies such as misspellings or mangling of the real domain like “bank0famericas.in” or “usbank.com.baddomain.cn” or “faceb00k.ru”. Also, always check the domain TLD to ensure you are on a .com, .org, or .net and NOT a .cn, .ru, or .in, to name a few of the most commonly seen scams.
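The URL checks described above can be automated. The following is an added example, not part of the original article: `check_url`, the `TRUSTED` allowlist and the sample URLs are constructed for illustration, and taking the last two labels as the registrable domain is a simplifying assumption (production code should use the Public Suffix List).

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains the user really does business with.
TRUSTED = {"bankofamerica.com", "usbank.com", "facebook.com"}

# Digit-for-letter swaps like the "0" for "o" in the article's examples.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def check_url(url, trusted=TRUSTED):
    """Return (verdict, domain); verdict is trusted, embedded, lookalike or unknown."""
    # hostname is lowercased and excludes any "user@" prefix and port.
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    # Assumption: the registrable domain is the last two labels. Production
    # code should consult the Public Suffix List (e.g. for "co.uk").
    registrable = ".".join(labels[-2:])
    if registrable in trusted:
        return ("trusted", registrable)

    # A real domain used as leading labels of another domain,
    # as in "usbank.com.baddomain.cn".
    for real in sorted(trusted):
        if host.startswith(real + ".") or "." + real + "." in host:
            return ("embedded", real)

    # Misspelled or digit-swapped name, as in "faceb00k.ru".
    name = labels[-2].translate(SWAPS) if len(labels) >= 2 else host
    for real in sorted(trusted):
        brand = real.split(".")[0]
        if SequenceMatcher(None, name, brand).ratio() >= 0.85:
            return ("lookalike", real)
    return ("unknown", registrable)


if __name__ == "__main__":
    for sample in (  # constructed URLs built from the article's example hosts
        "https://www.usbank.com/login",
        "http://usbank.com.baddomain.cn/login",
        "http://bank0famericas.in/",
        "http://faceb00k.ru/",
    ):
        print(sample, "->", check_url(sample))
```

An “unknown” verdict only means the domain is not on the allowlist and does not resemble an entry on it; it is not a statement that the site is safe.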
Another way to protect yourself from phishing scams is to always ensure that the website you are logging into is secured via HTTPS. Most phishing websites will not have a valid SSL certificate and this is a dead giveaway that somebody is trying to do something nasty to you!
Some email links look suspicious but turn out to be legitimate. A great example of such a situation is the Healthcare.gov email notices that come from a third-party company known as govdelivery.com. The emails use the Healthcare.gov logo and color scheme; however, the links in the emails go to “govdelivery.com”. This company tracks the link clicks from the emails before sending the user over to the healthcare.gov website. It appears very “phishy”, but it has been verified as trusted by the US government. So you can see how confusing this area of internet security can sometimes become.
If you think you have been the victim of a recent phishing scam, then you should be proactive about securing your accounts. Try to remember what login information or personal information you divulged. Change your account passwords. Contact your bank if you notice any fraudulent behavior with your bank account. Contact the police or FBI if you think you are a victim of identity theft. Seek the advice of a computer repair expert if you think you may have installed malicious software or programs onto your computer by visiting a phishing website.
It is difficult to know for sure if you are dealing with a real website or a fake website. As with all Internet activity, keep your “street smarts” about you at all times. If it seems fake or out of the ordinary, then it IS!