Did you know that emails appearing to come from companies you trust and know may actually be from criminals trying to steal your money or identity? Because they are so successful at duping people, “phishing” emails have quickly become one of the most common and devastating scams on the Internet.
Phishing scams use spoofed (meaning faked or hoax) emails and websites to trick you into revealing your personal and financial information. By using the trusted brands and logos of online retailers, banks, or credit card companies, phishing scammers trick surprisingly large numbers of people. The phishing email directs users to visit a website where they are asked to confirm or update personal information such as: passwords; and credit card, social insurance and bank account numbers. In doing so, people are tricked into giving this information directly to cyber criminals, who, in turn, use it for identity theft, financial theft or other cybercrimes.
Cyber criminals do their best to make phishing messages look official and legitimate. They will mimic real communications from the company or entity they are supposedly from by using the same layout, fonts, wording, message footers and copyright notices, etc. as official messages. They will often include corporate logos and even one or more links to the alleged sender’s real website.
To make it more likely you will fall for the scam, phishing messages commonly involve urgent scenarios. They may suggest that you must reset your password because your account has been compromised by hackers or they may request that you login to your account to review an invoice or deal with an outstanding payment. Another common phishing scam is a call from someone claiming to be from Microsoft who will tell you your computer is infected and that you must go to a special website to download an update that will fix the problem. Phishing scams can also be a request to complete a survey or to give information to collect a prize you have won. They can also be requests for money supposedly from someone you know who is allegedly stuck in a foreign city after being mugged.
Many phishing messages will include a link or attachment that you are asked to click so you can update your information. After doing so, the webpage or attachment you will see (which will also have text and logos to make it look official) will prompt you to enter your name, account number, password and other personal information – thereby giving it to cyber criminals.
To make matters worse, clicking on links or attachments in phishing messages often causes malware to be downloaded to your computer as well. Could it happen to you? Would you fall for a phishing scam? Always remember that legitimate companies will never ask you to update your personal information via an email message. Don’t get tricked by phishing scams. See the “Could it happen to you?” column in LAWPRO Magazine to learn how to recognize and avoid phishing scams.