Yesterday I received a phishing email, and it reminded me of how eager some people are to steal our identity. Now, granted, this wasn’t a very convincing email, but it was still a mean person trying to trick me into giving up confidential information. In this case it was my PayPal login.
The Phishing Email I Received:
We have completed our review and have restored your account. Thank you for your patience during this process and for helping to make PayPal the safest and most trusted online payment solution.
Please update your account by clicking the link below:
Fake Paypal Link
PayPal Account Review Department
Another Fake Paypal Link
Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click the Help link in the top right corner of any PayPal page.
I immediately forwarded the email to firstname.lastname@example.org and received a confirmation from PayPal that it was indeed a phishing scam and they were working to disable it.
So what is phishing (pronounced ‘fishing’)?
Phishing is the attempt to retrieve personal information such as account passwords, bank account information, user names, credit card numbers, etc. It is done by someone posing as a trustworthy company such as PayPal, eBay, your bank, the IRS, or your credit card company, and tricking you into giving up the information they are phishing for. This is most often done through email or instant messaging.
In the case of my fake PayPal email, the email contained a link to click. If I had clicked the link, it would have taken me to a fake PayPal website. Undoubtedly this site would look like the real PayPal. It is very easy to grab a website’s code and make a look-alike website. Once I entered my password into the fake PayPal website, the scammers would have my information.
How to Protect Yourself from Phishing
The FTC suggests the following tips to protect yourself from phishers:
- If you get an email or pop-up message that asks for personal or financial information, do not reply.
- Area codes can mislead: Some scammers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a “refund.” Because they use Voice Over Internet Protocol technology, the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card. In any case, delete random emails that ask you to confirm or divulge your financial information.
- Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
- Don’t email personal or financial information.
- Review credit card and bank account statements as soon as you receive them.
- Be cautious about opening any attachment or downloading any files from emails.
- Forward spam that is phishing for information to email@example.com and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.
- If you believe you’ve been scammed, file your complaint at ftc.gov.
To their list I’d add:
- Never click a link in an email. For example, if you need to visit your bank’s website, type the website address into your browser directly rather than clicking the link in an email.
One of the main reasons scammers continue to phish is that there are enough people out there who make it worth their while. In other words, it is profitable. The best defense we can have is to expose their schemes and not be gullible when it comes to phishing scams.
What experiences have you had with phishing? Tell me in the comments!
Photo Credit: cynchang