We Know: All About Phishing Scams
What is phishing?
Phishing is a scam in which people who want to defraud you of your money send out emails at random in an attempt to trick you into revealing your personal information: Social Security number, bank accounts, passwords and logins, and similar details. It is a crime in many states, and there is currently federal legislation pending to make it a federal crime in the US. It is already a crime in many other countries.
How does phishing work?
Phishing is a type of online scam known in computer security circles as a social engineering tactic. The perpetrators of a phishing scam send you an email that "spoofs," or mimics, an email from an online provider that you actually trust, like AOL or PayPal. The email generally alerts you to some sort of problem (the classic one being that your account has been hijacked by fraudulent means, which is a self-fulfilling statement) and asks you to click a link included in the email. This link takes you to a page that asks for your old login and password, and lets you "change" your information to a new login and password. What's actually happening is that the phishers are collecting your login and password to access your account themselves! Once they have this information, they can collect more information on you and, depending on what service you just gave them access to, clean out your bank account, hijack your email accounts, or gain control over your credit.
What should I look for?
Fortunately, phishers aren't the brightest crooks around, and many of them are foreign and have a questionable understanding of the English language. The first tip-off should be an email that doesn't quite sound professional, or that has misspelled words and bad grammar. The second tip-off is that 99% of those who provide you with services online aren't going to email you and ask you to click a link to solve your problem; rather, they'll call you, send you a letter, or ask you to go to their website (no link included) and change your information from there. You should also look for the "invalid server certificate" message when you go to their website; if it's invalid, call in your changes, and look up the phone number somewhere other than the website that's invalid (phone book, old bills, or directory assistance).
How can I protect myself from phishers?
To protect yourself, never click on links in emails warning of a problem or asking you to change your information. Even if you do not provide any information after clicking, a spoofed page that looks like AOL or your bank may load malicious spyware or other software onto your computer, even if you have a firewall and other protection against it. Always call in changes to your important financial accounts. For online accounts like PayPal and eBay, type in the name of the website by hand rather than using any kind of link. Links are very easily spoofed; you can see where they're really sending you by hovering your mouse over the link for a few seconds and waiting for the yellow tag window to show up.
What does the future of phishing look like?
Unfortunately, as long as people fall for the scam, phishing will survive and flourish. It's a relatively new crime, and the legislation necessary to make it illegal in the US and many states is still going through the process of becoming law. Even after it's been made illegal, there may be no recourse for those who are scammed, as many of the phishers are located in Uganda, Nigeria, Russia, or other countries where our legal process doesn't reach. In the US alone, scams have cost consumers over $1 billion in theft and businesses about $2 billion in lost business -- and it's only been a popular scam for a little more than a year! Instead of becoming part of this growing statistic, don't bite the bait phishers dangle. Reach for a phone before clicking the link.