So, what exactly is phishing?
Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company asking you to provide sensitive information. This is usually done by including a link that supposedly takes you to the company’s website where you are asked to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam.
The term ‘phishing’ is a pun on the word fishing because criminals are dangling a fake ‘lure’ (the email that looks legitimate, as well as the website that looks legitimate) hoping users will ‘bite’ by providing the information the criminals have requested – such as credit card numbers, account numbers, passwords, user names, and more.
Here are some clues that usually indicate an email is a scam:
- The email is not addressed to you. “Dear Customer” isn’t an identifier.
- You don’t have an account with the company, or haven’t used the company’s service.
- Grammatical errors. Usually, you’ll notice weird capitalizations and terrible grammar.
- They push you with urgent messages to open attachments or click on links.
- If you hover over links with your mouse, you’ll see the URL destination at the bottom of your browser. You can clearly see that all links send you away from the company site, or they try to fool you by adding the company name somewhere in the URL.
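The hover check in the last clue can also be done by a program. The Python sketch below is an added example, not part of the original article: it lists every link in an HTML email whose real destination is off the company's site, including links that place the company name elsewhere in the URL. All domain names are constructed placeholders, and treating the first label of the trusted domain as the company name is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> tag in the message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_links(html, trusted_domain):
    """Return (text, href, reason) for each link not on trusted_domain."""
    trusted = trusted_domain.lower()
    brand = trusted.split(".")[0]  # assumption: first label is the company name
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        # Only the exact domain or one of its subdomains counts as the real site.
        if host == trusted or host.endswith("." + trusted):
            continue
        decoy = brand in host or brand in url.path.lower()
        reason = ("company name used as decoy in URL" if decoy
                  else "link leaves the company site")
        findings.append((text, href, reason))
    return findings

# Constructed sample email body; every domain is a reserved test name.
SAMPLE = """
<a href="http://examplebank.example.login-verify.test/account">Log in</a>
<a href="https://secure-pay.test/examplebank/login">www.examplebank.example</a>
<a href="https://promo-mailer.test/click?id=1">Unsubscribe</a>
<a href="https://www.examplebank.example/help">Help</a>
"""

if __name__ == "__main__":
    for text, href, reason in check_links(SAMPLE, "examplebank.example"):
        print(f"{reason}: {text!r} -> {href}")
```

Note that the second sample link shows the real company address as its visible text while pointing somewhere else, which is why the check reads the destination and not the text.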
So how can you guarantee you don’t fall for a phishing scam? Apply these two actions consistently and you will be nearly 100% protected from online scams:
- Drive, don’t be pulled. Stay in the driver’s seat by finding the website yourself. This is the ONLY way to guarantee you land on the legitimate site. If you use the link (or phone number) in an email, IM, ad on a website/blog site/forum/social network/text message, etc., where you land (or who you talk to) is their choice, not yours. The website they take you to (or the ‘bank manager’ on the phone) may be a very convincing copy, but if you enter your information it will be stolen and abused. Instead, use your own link. If you are a customer of the company, you may already have a bookmark for its website that you can use; if not, use a search engine, type in the company’s name, and use the link from your search results to go to the correct site. If the email is legitimate, you will see the same information when you log into your account on the legitimate site.
- Install or activate a web tool that identifies malicious sites for you so you know the website you find is legitimate. There are several tools that will do this for you. Every standard browser now has a tool you can turn on to tell you whether a website you are about to click on, or just clicked on, is safe or malicious.