How Does Phishing Work?by Mackenzie Wright
One day you may get an email from what appears to be a legitimate business. It may be your internet service provider, or your bank, telling you that there is a problem with your account or that you need to verify information. The email may also appear to be from a merchant, such as eBay or Amazon, stating that your expensive credit card order has gone through and that if you want to cancel it, you must visit the website within 24 hours before the item is shipped. Of course, since you never ordered anything, you might be concerned that someone has stolen your credit card or hacked into your computer.
In reality, these emails are not from your internet service provider, bank or any reputable merchant. They are actually from a con artist who has created an official-sounding screen name and authentic-looking email to alarm you about some problem. The email will direct you to a link to resolve the issue.
When you click on the link, you will find what appears to be the website for the business that has emailed you, with the logo and official format. However, it is not the authentic business' website; it is the creative work of a con artist who makes a faux website look like the real deal.
The message at the website will prompt you, for security purposes, to enter your information, such as your name, billing address, password and credit card number. If you were to enter any of this information into this fake website, the con artist would have all of your private information. Within a day or two, the con artist will abandon the email address and website.
In the meantime, the con artist would use your credit card and verification information to make purchases. He would be able to sign in to your bank account and withdraw or transfer money. He would also set up email accounts and websites in your name and under your account that would send out emails to scam other people in the same manner. In fact, the first time you become aware of the problem might be when you get email warnings accusing you of sending out phishing scams. By then, it will usually be too late.