What is Phishing?
Phishing scams are a form of internet fraud designed to trick the recipient into giving up confidential information such as bank account numbers, passwords, user IDs or Social Security numbers. The word “Phishing” comes from the idea that these con artists send out the email message as the “bait” to a sea of internet users. The spelling of “Phishing” comes from computer hackers who have a tendency to replace the letter “F” with “PH”.
How can I recognize a Phishing email?
Phishing emails look legitimate – the criminals do a very good job trying to duplicate the look and feel of the company’s web site. You’ll see the company’s logo, and perhaps the link you’re supposed to click is “almost” the same as the company’s (maybe something like verify-companywebaddress.com). Here are some characteristics that are shared by Phishing emails.
- A generic greeting. The salutation on the message might say “Dear Valued Customer” or something similar. A legitimate email would most likely have your name in the greeting – not the case with Phishing! These email messages are sent out in bulk hoping to get a few responses.
- A false sense of urgency. A Phishing email message wants to generate a sense of fear, urgency or panic in the recipient so they’ll quickly click on the link and give up their personal information. Some statements you might see in a Phishing email include:
  - Your account will be closed in 24 hours if you don’t verify your account information.
  - Your account has been suspended due to suspicious activity.
- A request to verify your account information. Building upon the threatening and urgent tone of the message, a Phishing email will state that your account information needs to be verified immediately.
- A link to click to gain access to your account. A Phishing email will conveniently provide a link for you to click to get direct access to your account, or to verify your account information.
Other things you can look for to determine if an email message is Phishing or legitimate include misspelled words, typographical errors, bad grammar, pop-up boxes, or attachments.
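The warning signs listed above can also be checked automatically by a mail filter. The following is an added example, not part of the original page; the sample message, the phrase lists and the function names are constructed for illustration, and companywebaddress.com is the placeholder domain from the text above.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample (not a real message); companywebaddress.com is the
# placeholder company domain used in the text above.
SAMPLE = """\
From: Account Services <service@verify-companywebaddress.com>
Subject: Account suspended

Dear Valued Customer,

Your account has been suspended due to suspicious activity. Your account
will be closed in 24 hours if you don't verify your account information.
Click here: http://verify-companywebaddress.com/login
"""

# Assumed phrase lists, modelled on the wording quoted in the article.
GENERIC_GREETING = re.compile(r"^dear (valued )?(customer|member|user)\b", re.I | re.M)
URGENCY = re.compile(r"\bin \d+ hours\b|\bsuspended\b|\bwill be closed\b|\bimmediately\b", re.I)
VERIFY = re.compile(r"\b(verify|confirm)\b.{0,40}\b(account|information)\b", re.I | re.S)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def lookalike_hosts(body, real_domain):
    """Link hosts that contain the company name but are not its real domain."""
    brand = real_domain.split(".")[0]
    hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(body)}
    return sorted(h for h in hosts if brand in h and h != real_domain
                  and not h.endswith("." + real_domain))

def phishing_indicators(raw_message, real_domain):
    """Return which of the article's warning signs appear in a plain-text email."""
    body = message_from_string(raw_message).get_payload()
    checks = [
        ("generic greeting", GENERIC_GREETING.search(body)),
        ("false urgency", URGENCY.search(body)),
        ("request to verify account", VERIFY.search(body)),
        ("lookalike link", lookalike_hosts(body, real_domain)),
    ]
    return [name for name, hit in checks if hit]

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE, "companywebaddress.com"))
```

Checks like these only flag a message for a closer look. A carefully written Phishing email can avoid every phrase on the list, and a legitimate message can trip one of them.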
How do I protect myself from these types of Scams?
There are several things you can do to protect yourself from these Phishing emails. Here are a few suggestions.
- Be skeptical. If you’re not sure about the validity of a message, err on the side of caution. These Phishing emails are designed to look legitimate. You can always verify the legitimacy of the message by calling your company directly. Use a phone number that you find on a printed account statement or one you obtain somewhere other than the Phishing email. Most companies will never send an email message asking you to provide or verify confidential information and will have a statement to this effect on their web sites.
- Never click on a hyperlink in an email message. If you receive a message that asks you to log into your account, you can always open a new browser window and type the web address you know to be accurate into the address bar. The people who send Phishing emails are clever and will have the hyperlinks look legitimate.
- Keep up to date with your Windows security patches, virus and spyware definitions. A lot of these Phishing emails contain a form of spyware in them. If a con artist is trying to steal your personal information using a Phishing email, what’s to stop them from sending a Trojan horse program containing a keylogger or other system monitor program along with the message?
The best way to protect yourself from Phishing scams is to make it a policy never to respond to unsolicited requests for personal information. If you want to verify the legitimacy of a message, do it over the phone – calling a number you have on your account statement – and talk to a representative of your company directly.
Email Phishing Samples
We have started a collection of actual email phishing letters to help educate you on how to identify these types of phishing scams.
Copyright @2007 Phishing Scams