‘Phishing’ is a malicious act by online con artists using emails that are supposedly from reputable companies. The purpose of these emails is to lure recipients into submitting personal data and information that can then be used for illicit transactions. The term ‘phishing’ is a simply a purposeful misspelling of ‘fishing’.
This is because phishing also involves throwing out bait — in the form of fake emails — and hoping someone takes this bait and becomes ‘hooked’. The emails can look quite real and will usually appear to be from large companies financial institutions or popular retail sites. Basically, any company where people are likely to have financial accounts or personal accounts that could be misused, can be used as the alleged email sender. The emails will usually inform you about some urgent matter like suspect account activity, suspension, financial transaction and others in order to get you to quickly click the link inside.
The email will include a link for the recipient to click on so that they can be taken to the correct site and page to rectify the problem. But this link will not lead the real site; instead it will take the person clicking it to a clever imitation, often a clone of the company’s official site. This can be achieved by copying the HTML code of the official site page. If the fake site is not a clone, another technique is to dress up destination page to look official. The page will normally include identical graphics, images and brand logos as the real company, in order to fool a visitor that this is an official page.
Once on these fake phishing sites the visitor will be urged to fill out forms using personal data, such as: bank account details, credit card numbers, social security numbers, passwords, etc. Anything that could be used to access the visitor’s financial accounts, or data that could be used to make illegal purchases using the visitor’s payment details, is often the target.
The best way to avoid these phishing scams is to be extra vigilant when opening emails received from well-known companies (like eBay and Amazon) and especially from banks and credit card companies. These companies will never ask for personal data, or if they do they will only ask for a section and never account details and a password.
Another giveaway can be seen when hovering over the link in a potentially fake email: If the destination address that appears at the bottom of a browser is indicating that you would be taken to a completely different address than the link, or one that is obviously not a site connected to the alleged email sender —this is a phishing scam. If you are in any doubt that an email is a phishing attempt, contact the company directly (that it is supposedly from) and inform them of the email you have received. They will be able to confirm whether the email is real or fake.
You can never be too prudent with these types of scam online – if con artists get a hold of your personal information, they can really mess up your life. Use the above tips and stay safe.