
What is phishing

How to tell if an email is a phishing scam.
February 03, 2006

Have you ever received an email that looked legitimate but just didn't seem right? If your answer is yes, then you've probably been the recipient of a phishing email.

What is phishing

In simple terms, phishing is an attempt by someone to lure you into divulging private information about yourself and any accounts or credit card numbers they may be interested in. They try to make the request look as legitimate as possible so that you'll be tricked into thinking it is valid.

The most common way to lure people in is by sending them an email. The email may inform the user that their account details need to be updated, or it may say something else, but it will always lead to the user having to enter some sort of information.

Look alike

To make it seem like the request comes from the real company, the phishers will even set up a website that looks identical to the site they are purporting to be from.

Examples

Personal accounts (e.g. PayPal, Google) are probably among the most popular phishing scams. The user will receive an email stating that their account needs to be verified, or that there has been a breach and they need to update some info.

Banks: The email will state that there has been unusual account activity or something of the sort and will ask the user to follow a link and fill out some info to ensure that the account isn't compromised. It will warn that failure to comply may result in the account being suspended.

eBay: The email will say that you need to update your eBay account for some reason that is given, and that you must do so to prevent your account from being suspended.

Most phishing emails contain some notion that your account will be disabled if they don't receive any information to "verify" your account. This creates a sense of urgency.

How to keep safe

Assume it's a fake

The best way to keep yourself safe from these types of attacks is to consider any type of email that you receive asking for information to be fake.

If you think the request may actually be legitimate (which is probably unlikely), then open up your web browser and type the web address in manually. So if you get a PayPal request for something, open up your browser and type in https://www.paypal.com.

If the link says https://www.eBay.com/accountUpdate, try to find out where it will actually go when you click on it. If you place your mouse over the link, most email programs will tell you where the link is actually pointing. The same goes for any web-based email such as Hotmail or Gmail: look at the bottom of your browser to see where the link is actually pointing. If the actual link doesn't match what the email says, then be very, very suspicious.

If you do follow a link from an email, confirm that the URL is correct in the address bar of your browser. Sometimes the scammers will use URLs and addresses that at a glance look like the real address but are not. For example, gooogle.com (an extra o in the name Google).

With any luck, if you're smart about what you click on and what you don't, you'll probably do just fine. Remember, most institutions will not send emails to you asking to update your information, and many have policies outlining when they will contact you. If you want to be sure every time, then visit the site directly.