Phishing is the term coined by hackers who imitate legitimate companies in e-mails to entice people to share passwords or credit-card numbers. Typically, the messages appear to come from well-known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts out the lure hoping to fool at least a few of the prey that encounter the bait.
Phishers use a number of different social engineering and e-mail spoofing ploys to try to trick their victims. In one fairly typical case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from America Online that said there had been a billing problem with recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate links. If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords. This information was used for identity theft.
Potential uses of your information: taking control of the victim's financial accounts, opening new bank accounts, transferring bank balances, applying for loans, credit cards and other goods/services, making luxury purchases, hiding criminal activities, receiving government benefits or obtaining a passport.
Tips on how to avoid phishing:
- If you receive an unexpected e-mail saying your account will be shut down unless you confirm your billing information, do not reply or click any links in the e-mail body. For example, PayPal will never ask you in an email for: credit and debit card numbers, bank account numbers, driver's license numbers, email addresses, passwords, or your full name.
- Look for misspellings and bad grammar. While an occasional typo can slip by any organization, more than one is a tip-off to beware.
- Beware of the @ symbol in a URL. Most browsers will ignore all characters preceding the @ symbol, so this Web address -- http://www.respectedcompany.com@thisisascam.com -- may look to the unsuspecting user like a page of Respected Company's site. But it actually takes visitors to thisisascam.com.
- Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It means your information is secure during transmission.
- If you are uncertain about the information, contact the company through an address or telephone number you know to be genuine.
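
The "@" tip above can be checked mechanically. The following is an added example, not part of the original page: it uses the standard WHATWG `URL` parser (the same parsing rules browsers apply) to report the host a link really leads to and whether the text before the "@" is dressed up as a hostname. The function names and all sample links except the first (which is the URL from the tip) are constructed for illustration.

```javascript
// Added example: find the real destination of links that contain "@".
// SAMPLE_LINKS are constructed, except the first, which is the URL from the tip.
const SAMPLE_LINKS = [
  "http://www.respectedcompany.com@thisisascam.com",
  "http://www.respectedcompany.com@login@thisisascam.com/", // more than one "@"
  "https://www.example.com/profile/@alice",                 // "@" in the path: harmless
  "https://www.example.com/login?email=a@example.com",      // "@" in the query: harmless
  "not a url",
];

// Percent-decoding can throw on malformed input; fall back to the raw text.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

function inspectLink(raw) {
  let url;
  try { url = new URL(raw); } catch { return { raw, parsed: false }; }
  // Everything between "//" and the last "@" of the authority is userinfo,
  // not a host. The browser connects to url.hostname only.
  const hasUserinfo = url.username !== "" || url.password !== "";
  const user = safeDecode(url.username);
  return {
    raw,
    parsed: true,
    realHost: url.hostname,
    hasUserinfo,
    // Heuristic: userinfo that starts like "name.tld" imitates a site name.
    userinfoLooksLikeHost: /^[a-z0-9-]+(\.[a-z0-9-]+)+/i.test(user),
  };
}

function verdict(info) {
  if (!info.parsed) return "unparseable";
  if (info.hasUserinfo && info.userinfoLooksLikeHost) return "lure";
  if (info.hasUserinfo) return "userinfo-present";
  return "ok";
}

for (const link of SAMPLE_LINKS) {
  const info = inspectLink(link);
  console.log(verdict(info).padEnd(16), info.realHost || "-", "<-", link);
}
```

An "@" that appears after the first "/" or "?" is part of the path or query and does not change the destination, which is why only the first two samples are reported as lures.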