Phishing is a scam that involves tricking people into providing sensitive financial or personal information for malicious use. Phishing scams tend to go after credit card numbers, bank account numbers, and social security numbers. They can also be used to try to steal passwords to your various online accounts such as your MySpace account.
You can avoid phishing scams with a little common sense and by recognizing potential phishing scams before giving out your account information.
Phishing e-mails – This is the most common way that scammers ‘phish’ information from people. You might receive an e-mail or instant message that appears to come from your bank, credit card issuer, or even a service such as PayPal. The e-mail may ask you to reply with your account number and password or provide a link that you are instructed to click on to log into your account.
No financial institutions or really any website that requires a log in password will ever ask for your account numbers, usernames, or passwords. If you get an e-mail like this, notify the company that it appears to be coming from right away. Don’t reply to the e-mail, and never click on the included link. The link could include viruses such as keyloggers or could take you to a phishing site.
Phishing links – As mentioned above, some scammers place links in these e-mails that claim to be a secure link to the company site that they are pretending to be. Clicking on the link may very well bring you to a page complete with official logos of the real company and may look identical to you bank or credit card log in page. Same goes for phishing links for sites like MySpace and PayPal. Usually the actual html link is slightly different, but people miss that detail and ‘log in’ through these fake pages anyways.
These fake links are just found in phishing e-mails however. Some websites have reported that scammers have been duplicating their main websites to look identical to the actual website. These links are then placed in various places online and advanced scammers will even try to hijack sites to redirect them to the fake site.
Always check your browser address bar before logging into any log in page. Type in the address manually if you’d like and ensure that address is the same once the page loads. Be wary of misspelling a link. Sometimes this can take you to a site that looks real, but is just a phishing site made in hopes that mistyped addresses go unnoticed.
A word about vishing scams –
Vishing scams are relatively new and are basically phishing scams using a phone or voicemail service. You can read about vishing scams in this article: How to Avoid Vishing Scams.
Is my credit card or account information at risk?
As long as you only enter in your information on secure websites that you are sure are the actual site your bank, credit card, or online profile you should be safe. As always, keep an eye on your bank and credit statements for unusual charges, log into your accounts regularly to look for unusual changes or password changes.
Phishing scams can appear in your inbox or on a website at any time; your best defense against phishing scams is to type in and verify the website address whenever you log in to an account. Never click through to links in e-mails or reply to e-mails/phone calls asking for account information, banks and secure sites will never ask you to do this.