How Does Phishing Happen?by Kevin Lee
OnGuardOnline.gov features a Phishing Scams game that helps people learn how to protect themselves from this dangerous Internet threat. Phishing occurs when someone on the Web pretends to be someone they're not to trick you into providing confidential information. For example, if you receive an email that looks like it came from your bank, it may be from criminals seeking to lure you into giving them your account data.
Many phishing scams arrive in the inboxes of victims who fall prey to these swindles. Fake email messages may have official-sounding subject lines such as, "Your Account Information Needs Updating," and they may appear to come from an organization you trust. Some scam artists impersonate the PayPal online payment company and send out email messages that resemble those you may receive from the actual PayPal site. PayPal, for its part, assures customers that PayPal email messages will never ask for personal information or information about your account.
Even if you don't use email, you can still become a phishing scam victim by visiting a website that's not what it seems. The U.S. Computer Emergency Readiness Team asks people to pay attention to URLs that appear in their browser's address bar. A fake website may have a URL that is almost identical to one you trust, but the spelling may be slightly different. The site may also have a domain of ".org" when the actual domain of the site you're looking for is ".com."
Many fake phishing email messages don't provide detailed information because phishers may not know who you are. For instance, if phishers send out messages that look like they come from a bank you trust, they probably will not address you by name. PayPal tells clients to be on the lookout for email messages that do not use a person's name or their business’s name.
Reporting Phishing Attacks
The U.S. Computer Emergency Readiness Team collects information about fake email messages and phishing websites. If you discover a phishing scam, report it by sending an email to firstname.lastname@example.org. US-CERT also notes that you can receive bogus email messages from organizations that appear to be charities. These types of email messages may appear when disasters occur or when newsworthy events happen. Reporting phishing scams helps US-CERT reduce the number of attacks that phishers initiate. Email clients such as Gmail and Yahoo also allow you to report phishing email messages that attempt to steal information.
In addition to using common-sense techniques to protect yourself from phishing attacks, pay attention to phishing messages that your browser may display. Browsers such as Firefox, Chrome and Internet Explorer have built-in anti-phishing protection that can help you spot bogus websites. Email services such as Yahoo and Gmail have built-in phishing features that can help you identify bogus websites. Norton Utilities, AVG and other anti-virus programs can also monitor your browser as you surf, and it can warn you of phishing threats.
- Zedcor Wholly Owned/PhotoObjects.net/Getty Images