One of the most dangerous threats online today is the growing use of phishing messages. These scams use email messages to deceive you and trick you into clicking a link or taking action. Although phishing messages present great risk, they are also a threat that you can minimize by taking precautions when reading email messages. We'll take a look at how phishing scams work and how to avoid falling prey.
Phishing Basics

Image caption: This email message is a classic example of a phishing message that presents several red flags. The sender's email address is not from the company's domain (in this case, capitalone.com). Also, the message uses a scare tactic to entice the recipient to click the link and enter personal information to verify an identity.

In many ways, phishing messages are similar to Trojan horses, in that they pretend to be something that they are not in order to elicit a response from the recipient. Where phishing messages differ from Trojan horses, though, is in the way that a phishing message is linked to a deceptive Web site. Below is a summary of the steps involved in a phishing scam.

Step 1. An attacker sends an email message, which appears to be from a legitimate source, such as PayPal, eBay, the IRS (Internal Revenue Service), or a bank or other financial institution. Typically, the body of the message urges the recipient to take immediate action in order to avoid bad consequences. The message also contains at least one URL.

Step 2. The recipient believes the message to be from someone other than the attacker and clicks the link in the email message.

Step 3. The recipient is taken to a spoofed Web site that looks like that of a legitimate organization.

Step 4. The Web page presents a form and asks the user to enter personal information, such as name, Social Security number, a bank account number, or credit card information. Usually, the Web page is designed to entice the user to enter this information by claiming that it is necessary to verify the user's account, avoid legal or investigative action, or complete a transaction.

Step 5. The information from the form is sent to the attacker, who can then use your information in a variety of ways. Some possibilities are that the attacker might purchase items with your credit card, withdraw funds from your bank, gain access to your online user accounts, or even steal your identity.

Image caption: This is clearly a phishing message. Although this message appears to come from someone at citizensbank.com, you'll see that the link in the message points to a different URL. Also, the message promises better security and threatens problems with using the bank account if the user doesn't click the link and enter personal information into a Web form.
Don't Become A Victim

There are a couple of basic rules for avoiding becoming the victim of a phishing scam. First, don't click a link in an email message to get to a Web page unless you are certain who the message is from. The message may appear as though the link is sending you one place, but in reality, it's sending you to a completely different URL. Second, if you have any doubt about the authenticity of a message, contact the company directly using the phone number on your most recent statement. Do not contact a company using the contact information provided in the email message, as it may be fraudulent as well. If you are alert for possible phishing messages and take basic precautions, you can keep yourself safe online.

by Kylee Dickey
Warning Signs Of Phishing Bait

Demand for immediate action. Most phishing messages and spoofed sites demand that you take action immediately.

Request for personal information. Under the guise of updating records or proving your identity, a spoofed site will usually request personal information, such as your Social Security number, online passwords, or financial information.

Use of fear tactics. Often, a phishing message uses fear as a motivator. For instance, the message might claim that the IRS (Internal Revenue Service) will take action against you, your PayPal account will be disabled, or someone will steal your identity or money if you don't respond.

Use of enticing offers. Some phishing messages do not rely on fear tactics but instead entice recipients with offers that are too good to be true. For example, a message might claim that you have won a lottery and only need to visit a site and enter some personal information to prove your identity and claim your cash prize.

Email clues. If the message is not addressed specifically to you, it's a good indication that it's from an attacker who has used a mass-mailing program to send it to as many people as possible, hoping that at least one person will take the bait. Look not only for your name in the body of the message but also for your email address (and your email address only) in the To field of the message.