Email: Going Phishing

Phishing is when someone tries to get your information by pretending to be someone they are not. It is called phishing because they’re trying to hook you, or, more specifically, hook information from you such as your banking information, credit card numbers, social security/social insurance number or usernames and passwords for your Internet or email account. Once a person gets these they can take your money, steal your identity, and/or use your email account to spam, or for who knows what kind of illegal activity. So it pays to be careful whenever you receive an email asking for such information.

Phishers are good. I know all about them but they almost fooled me once. I mean they almost had me hooked, I had my mouth open ready to bite but I knew to be careful and was one of the lucky ones that got away. It was a very official looking email from my email provider, or at least I thought it was. It said there were problems with my account and to log in using the link provided. The warning about my account was scary and my first instinct was to address it right away. But then I thought to be cautious and I hovered my mouse over the link in the email (using my mouse, I put my cursor over the link in the email but I didn’t click). Doing that, I saw the actual address the link would send me to and it was not the address of my email service provider. This is one way to avoid phishing scams. But again, be careful because they might use a simple misspelling to trick you. Instead of “yahoo.com”, the link might send you to “yahooo.com” and by just glancing at the real URL (web address), you might miss that extra “o” and get into a heap of trouble. You could get to the site they linked you to and it would look exactly like the website of your bank or that auction site you always use, but looking up at the address in the top of your browser, you’ll see it is not that site.

Besides ensuring that a link is for real, there are some very simple things to remember in order to avoid phishing scams. Banks, Internet Service Providers, online auction sites like eBay, or payment sites like PayPal, will not email you in order to ask for your account information or your credit card information. If in doubt, call the company or contact the company on their website by typing their website address into your browser. If an email includes a form for you to fill out, asking for any personal information, usernames, or passwords, don’t do it. And beware of sensational subject lines meant to make you scared enough to forget common sense security, such as “urgent - your account details may have been stolen” or “Online Banking Alert”.

Here is a link to some more tips about phishing from the Anti-Phishing Working Group (APWG). My last piece of advice about how to avoid being caught in a phishing scam is to doubt all emails from organizations. You can’t be too careful and no respectable bank, credit card company, or any other organization that deals with your private information, would ask for that information over an email anyway. Again, if in doubt, contact the organization (but not through the email they allegedly sent you). And when the bad guys go phishing, make sure they end up empty-handed.

2 Responses

  1. Free-for-all Friday: Firefox | Techreluctant.com Says:

    [...] horses, spyware and other Internet uglies); anti-phishing (which you know about because you read my post about phishing); popup blocker, and a download manager. But I think the top security feature might be that [...]

  2. Mail Monday: Canada Revenue Phishing Scam | Techreluctant.com Says:

    [...] a scam to get information from you that I wanted to bring it to your attention. There’s a phishing scam where you get an email alleging to be from the CRA (Canada Revenue Service) saying that you [...]
