Phishing refers to fraudulent schemes designed to trick potential victims into giving up personal information such as account passwords and confidential banking information. The term phishing is actually a play on the word "fishing," because the scammer is fishing for information.
While phishing is increasingly being done via text messaging and instant messaging because of the popularity of smartphones, the majority of attacks are still perpetrated through e-mail.
These fraudulent messages often look like e-mails from legitimate sources like your bank, your Internet service provider, your university, a website service you use or a government agency. Fraudsters go as far as copying an institution's logo and message format and creating fake copies of legitimate websites just to dupe targets into giving up passwords and other account information. Cybercriminals then use the information they harvested to steal money from the victim’s account and commit identity theft.
If you receive a message from a web site or your bank urging you to update your account or provide confidential information, such as a PIN, password or a social security number, you could be the target of a phishing scam.
Here are 5 red flags to watch out for to tell if you're being targeted:
Unofficial “from” address
When dealing with e-mail communications, always check the sender’s address. Most phishing scammers use e-mail addresses that look similar to the company they are posing as, like @mircosoft.com to make it seem legitimate. In other instances, they try to replicate a legitimate company's e-mail address by using the company’s name as a username in a free e-mail service. For instance: firstname.lastname@example.org.
Phishing e-mails are usually sent in bulk. As such, most of them use a generic greeting.
Poor spelling and bad grammar
Scammers are not known for their grammar and writing skills. If a message is riddled with grammatical and spelling mistakes, there’s a good chance you’re looking at a phishing e-mail.
Urgent action required
To coax potential victims into acting on the phishing e-mail, fraudsters often create a sense of urgency by claiming that the account has been closed or is about to be suspended. So be wary of e-mails messages demanding urgent action.
Intentionally misspelled URLs and no “https”
To make the scam more convincing, thieves create fake websites that resemble the websites of the company they are posing as, and they even register domain names that are misspelled versions of the real ones. Another indicator that you are looking at a fake website is the absence of “https” before the address. The “s” stands for secure, and phishing websites don’t have them.
Here is an example of a phishing e-mail with the warning signs highlighted.
Protect your confidential business informaton with logical access control. Ask our ID experts about ID cards that double as access control cards at 1-800-667-1772 today. You can also reach us using our contact page.
For Further Reading: