Credit Infocenter

Beware of Phishing Cyber Scams and ID Theft

Written by: Kristy Welsh

Last Updated: April 19, 2017

Phishing is the act of attempting to acquire personal information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an email communication. Phishing emails may contain links to websites, which are infected with malware so when the unsuspecting person clicks on the link, their financial information and passwords, that may have been saved on their computer, are stolen.

The sender may ask you to "confirm" your personal information for some made-up reason; your account has been closed, an order for something has been placed in your name, your information has been lost due to a computer error, etc. A phishing email will contain a concocted story designed to lure you into taking an action such as clicking a link or button in the email or perhaps calling a phone number and providing or confirming personal information.

History of Phishing

The phishing technique was first described back in 1987 and the term "phishing" was established in 1995 as a play on the word fishing. A cyber-thief uses "bait" to "lure" his victim into clicking on a malicious link to which their private information was stolen. Hence, the beginnings of Phishing.

How to Spot a Phishing Email

There are many telltale signs, but here are some of the most common:

  • Generic Email Greeting.  A typical phishing email may address you in a generic fashion, such as "Dear User:"
  • Sender's Email Address.  The address that the email is "From" may include an official looking one (possibly copied from the genuine business or entity). Be aware that email addresses can be easily altered and are not necessarily indicative of the validity of the sender.
  • It Requests a Quick Response.  Most phishing emails are written with a false sense of urgency attempting to convince you that your account will be "in jeopardy" if you don't perform a particular action immediately.
  • A False Link or Website.  Many of these phishing emails contain a link that looks valid to connect you to the "Subject" site, but directs you to a fraudulent site that may or may not have a URL different from the link provided. Even though the email looks like the "real deal", complete with authentic logos and working web links, it may well be just a clever disguise. See below for help in identifying a false website link.
  • Attachments.  Only open attachments if you are expecting them and know what they contain. Even if the message looks like it came from someone you know, they could be from phishers and contain programs that may steal your personal information.

How to Avoid Being a Victim of Phishing

Remember, when it comes to phishing, you are in control. To protect your financial and identity information, simply ignore all email requests for information. Other tips include:

  • Keep Your Security Software Current.  Protect your computer with spam filters, anti-virus and anti-spyware software, and a firewall and keep them up to date. A spam filter can reduce the number of phishing emails you get. To learn more about Internet security measures, go to OnGuard Online or StaySafeOnline.
  • Password Smarts.  Be smart about choosing your passwords; change them often, and choose uncommon passwords that include numbers, letters and symbols.
  • Go to Actual Websites; don't use links.  If you think the email message is legitimate, do not click on the link provided in the email to get to the website. Instead, go to the actual Web site by entering the URL for the home page, and look for the supposed legitimate Web page within the site to confirm.
  • Report Phishing Emails.  Many of the companies that phishers commonly use to attempt to obtain your information will investigate emails forwarded to them from targeted victims. EBay and PayPal are good examples, and this will benefit all intended victims and helps stop identity theft. You can also report the problem to law enforcement agencies through the National Fraud Information Center/Internet Fraud Watch at 1-800-876-7060.
  • Security Freeze Placed on Account.  Look into having a security freeze placed on your credit files to help prevent credit information from being disclosed to open a new account without your explicit consent.
  • Never Enter Personal Information in a Pop-Up Screen.  Legitimate companies, agencies and organizations don't ask for personal information via pop-up screens. Install pop-up blocking software to help prevent this type of phishing attack.
  • Phishing Also Happens by Phone.  Be suspicious if you get a call from someone pretending to be from a company or government agency, and asking for personal information. Particularly if you are contacted out of the blue; it's a sign something is "phishy".
  • Ask Yourself if it Makes Sense.  If this company already has your personal information, they would not request what they already have on file.

Tips on Identifying a False Website Link

Hold your mouse over the link in your email, but DO NOT CLICK ON IT. You will see where the link goes in the left bottom corner of the browser or your email software window.

For example, if the email were regarding a PayPal matter (though PayPal RARELY sends out email with a link back to their website), a SAFE link to PayPal would be:

something.paypal.com

Why is this safe? Because the "paypal" part of the link is located immediately next to the ".com" part of the link and "paypal.com" are the last letters in the link.

An unsafe link is something like:

something.paypal.com.add-me.net

Why is this unsafe? Even though the "paypal" part of the link is located immediately next to the ".com" part of the link, the "paypal.com" are NOT the last letters in the link. This means that the link is going to the website of "add-me.net" where most likely malicious code resides, or there is a form which mimics a form on PayPal requesting your information.