YourDictionary


A Closer Look: Definition of Phishing

In order to catch some fish, you must first have some bait. The same goes for computer phishing.

The term phishing means the fraudulent attempt to get a person's private information (e.g., username, password, account number).

Phishers send an email pretending to be from a legitimate company and 'bait' you to provide your private information. Typically the email will address you as a customer and will direct you to click on a link to provide critical information to avoid a looming problem which they have discovered. This link will be to a false website - not the website of the legitimate company.

Basically, they are 'fishing' for people's information to use illegally. Phishing is a very sophisticated scam and many individuals and companies have been fooled, resulting in the theft of their sensitive information as well as millions of dollars every year.

How Phishing Works

Although there have been cases of phishing by phone, it is overwhelmingly conducted by email. The email is usually designed to look like it is sent from a real company, such as a bank, online retail store, or credit card company. The logo and even the email address will appear to be from the legitimate company.

Typical Phishing Bait

The 'bait' for personal information is often contained in the email's subject line. The subject usually contains a sense of urgency. For example, "Your account needs to be verified" or "Your account is about to be suspended."

Consequences if You Take the Bait

Successful phishing attempts result in an individual clicking on the link supplied within the email. Once forwarded to a fake website, the person is prompted to enter personal details such as their account number, password, etc. After this is done, the phishers use the personal information to steal the person's identity and/or money from their account.

Phishing In Corporate Computer Networks

More sophisticated phishing scams have involved trying to hack into a company's computer network. Emails are sent to employees asking them to update their usernames and passwords. Phishing attacks have affected well-known companies and their customers, such as eBay, Bank of America, and PayPal.

Social networking sites have also fallen victim to phishing. Facebook members have received an email purportedly from Facebook, and after they enter their login details (on a replica of the Facebook homepage) the phishers use the information to send the same emails to the person's friends.

The email looks like it is coming from the Facebook member and has carried subject lines such as "Check this Out" or simply "Hello." As you can imagine, such access to social network members can be abused in any number of ways, such as infecting computers with viruses and spyware and/or stealing identities.

Ways to Avoid the Bait

There are ways to prevent being phished. Although some phishing attempts can be highly targeted, there are key aspects to be aware of that can help you avoid being a victim:

  • Never click on a link within an email requesting that you enter your username, password, credit card number, etc. The link can be bait for phishing and it could also be malicious and install spyware onto your computer.
  • If you have any doubts about whether an email is real, contact the company directly to check on the authenticity of the email by using the phone number or email address on their website.
  • Do not open any 'fishy' emails. Immediately delete any emails that have misspellings, poor graphics, unusual or long URLs, or a long cc list of other email addresses.
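
The warning signs above can also be checked by software. The following Python example is added here for illustration and is not from the original article; the phrase list, the cut-off values and the sample message are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed phrase list, seeded from the subject lines quoted in this article.
URGENT = re.compile(r"needs to be verified|about to be suspended", re.I)
MAX_URL_LEN = 75  # assumed cut-off for a "long" URL
MAX_CC = 10       # assumed cut-off for a "long" cc list

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def phishing_signals(raw_email):
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signals = set()
    if URGENT.search(msg.get("Subject", "")):
        signals.add("urgent-subject")
    if len(getaddresses(msg.get_all("Cc", []))) > MAX_CC:
        signals.add("long-cc-list")
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode(errors="replace"))
    for url in collector.links:
        host = (urlsplit(url).hostname or "").lower()
        # The From address can be forged, so compare it with where links really go.
        if host and host != sender and not host.endswith("." + sender):
            signals.add("link-leaves-sender-domain")
        if len(url) > MAX_URL_LEN:
            signals.add("long-url")
    return sorted(signals)

# Constructed sample: the sender claims one domain, the link goes to another.
SAMPLE = """\
From: Example Bank <service@examplebank.example>
Subject: Your account is about to be suspended
Content-Type: text/html

<a href="http://examplebank.example.login-check.invalid/verify">Verify now</a>
"""
print(phishing_signals(SAMPLE))
```

A message that shows none of these signs can still be a phishing attempt, so the result is a prompt for a closer look, not a verdict.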

Other Preventative Measures

Here are some tips to help you and others limit the effects of phishing:

  • If you suspect an email is a phishing attempt, contact the company directly. The sooner they know, the quicker they can alert others and stop the scam.
  • Make sure that you have unique usernames and passwords for each account and website you regularly visit.
  • Install anti-spyware software and/or a browser that alerts users to phishing websites.

Additional Resources

To read more about phishing, you can visit the following websites:

  • Microsoft has some helpful tips on avoiding email scams.
