Gone Phishing

How to spot email scams and phishing attempts. Don’t be a victim.


Phishing is an attempt by a scam artist to trick you into revealing personal information such as an account name, password or even your social security number.  It normally begins with an email; common phishing emails are:

  • Someone asks for your help to transfer money out of a foreign country. They need to use someone else’s bank account because theirs has been frozen by the foreign government.  If you let them deposit some large amount of money in your account you can keep 10% when you transfer the rest to an account they will provide.  In reality what will happen is they will take all the money out of your account.
  • A bank will contact you saying there is a problem with your account. For your protection they have frozen your account until you login and verify some information.  In reality you will be giving your bank account name and password to a criminal who will empty your account.
  • One of the popular social media networks will contact you saying you have a new friend, or follower, or something. If you click the link you will be giving your social media password to criminals who will try using that to access other accounts.

Most often these emails will direct you to a web site where you can take whatever action is needed to “address the problem”.  The real problem is the web site is fake and stealing your information.

Think you are too smart to fall for one of these scams?  Well, I have a test for you.  If you want to jump right to the test you can click either of these two links to take a phishing test offered by two reputable companies.  If you want to know what to look for before taking the test keep reading and come back to the links.

Here are common things to look for to spot a phishing attempt:

  • Poor grammar or misspelled words – the scammers are often from foreign countries and English is a second language
  • The letter is not addressed to you by name but rather to “Customer”, “User”, or simply to your email address
  • You are urged to act quickly because there is a problem, or because you risk a loss or face legal action
  • The email’s from address doesn’t match the business name – legitimate businesses (with a possible exception of small local business) do not send from Yahoo, Gmail, Hotmail, etc. accounts.
  • The email is from a business or social media service you do not use
  • Banks and social media companies will NEVER ask for personal information in email
  • The link in the email doesn’t go to where it suggests it does. Hover the mouse over the link WITHOUT clicking; at the bottom of your email or browser window you should see where the link will take you.  The text in the email is just for you to read – never trust it.  If what you see when you hover doesn’t match what you see in the email it is a phishing email.

Now that you know what to look for, go back and take the tests.  How did you do?  Was it harder than you thought?  Share your results in the comments.  Here is my advice: when in doubt, throw it out.  Never click the links in the email; instead, log in to your account using the site’s published website name.  If you are really concerned, call the business at their published phone number (not one in the email).  If you don’t know the published website name or phone number, use your favorite search engine to look it up.

So why is phishing so dangerous?  You might think it is no big deal if someone gets your password to Facebook.  The worst they could do is unfriend people, post something embarrassing, and so on; right?  Unfortunately no.  Most people use the same login name and password for all their accounts.  So if someone tricks you into logging into a fake Facebook page, they will try that same username and password on Amazon, Apple’s iTunes, Paypal, and so on.  They can also use that username and password on any site that allows you to log in with your Facebook account.

In my next post I will share how to come up with strong passwords (something hard to guess) and ways to protect your usernames and passwords so that if someone does get your information (from a data breach or because you fall for a phishing scam – it happens) you can limit the damage.  Stay tuned.
