What is Phishing?
Phishing is a relatively newly coined term for a method of harvesting information for identity theft. Quite simply, it means presenting a person with false information or credentials to trick them into giving up their personal information. It is a form of social engineering in which the attacker poses as a person or organization that the victim already trusts.
How does Phishing Work?
The most common form of phishing is done by sending out fraudulent e-mails that lead back to websites that look legitimate. Normally an e-mail is sent to a huge number of people, stating in very general terms that you should come to the sender's website and update your information, provide some new information they need, or some other similar excuse. When you click on the link in the e-mail, it takes you to a website that looks very similar to the one you are expecting; you enter your information, and now they've got you. Another method is to open a popup window asking for information on top of the real, legitimate website.
How can I identify a scam e-mail?
There are several major things to look out for that suggest an e-mail is fraudulent. Quite often the e-mails are HTML-based rather than plain text; this allows the sender to include active links that display a legitimate website address while the code behind them takes you to a different website.
Often new websites are registered with altered spellings of the names of major corporations and organizations, or the link will lead directly to an IP address (e.g. 18.104.22.168) instead of a website domain (e.g. www.website.com).
Another very quick way to identify a false e-mail is to see who it is addressed to. Fraudulent e-mails are normally addressed to "Dear Customer" as opposed to your real name, and often they are sent to many users at one time.
No legitimate organization should ever ask you to provide personal information via e-mail. If any e-mail ever asks you to e-mail your private information, you should report it to the company the sender is posing as.
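The link and greeting checks described above can be automated when triaging a reported message. The following Python is an added example, not part of the original article; the function names, the greeting word list and the sample message are assumptions made for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample; the IP address and domain are the page's own illustrations.
SAMPLE = ('<p>Dear Customer,</p><p>Please update your information at '
          '<a href="http://18.104.22.168/update">www.website.com</a></p>')
GREETING = re.compile(r"\bdear\s+(customer|user|member|client)\b", re.I)
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_email_html(body):
    """Return (indicator, detail) findings for an HTML e-mail body."""
    findings, parser = [], LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower().removeprefix("www.")
        if is_ip(host):  # link goes straight to an IP address
            findings.append(("ip-link", href))
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and host:  # visible text names a domain: compare with real target
            name = shown.group(1).lower()
            if host != name and not host.endswith("." + name):
                findings.append(("text-href-mismatch", f"{name} -> {host}"))
    if GREETING.search(body):  # generic salutation instead of a real name
        findings.append(("generic-greeting", GREETING.search(body).group(0)))
    return findings
```

Calling `check_email_html(SAMPLE)` reports all three indicators; a message whose link text and target agree and that greets the recipient by name yields an empty list.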
How can I avoid falling for a Phishing scam?
If you believe the e-mail could be legitimate, don't click on the link in the e-mail. Instead, open up your web browser and use the link/favorite you already have, or type the website address yourself into the URL box. This will guarantee that you are using the correct legitimate website!
Using the same method to get to the website as mentioned above, go to the organization's help page or contact page and ask them about the e-mail they may have sent you. You can also forward the e-mail to a known legitimate e-mail address at their organization.
What if I already fell for this scam?
If you have mistakenly been taken in by this kind of scam, there are several very important steps you need to take. First, report that you have been tricked by this method to your credit card companies and other financial institutions.
Report it as well to the company that you thought you were legitimately updating information for. If you can provide them with the e-mail that tricked you, it may help to reduce the impact on other people around the world.
Change all your passwords and PIN numbers for all your financial institutions and websites immediately.
Monitor your credit card statements, financial slips and balances. If you notice a discrepancy, immediately contact your financial organization and let them know about the fraudulent activity. In addition, most banks should be able to add you to a fraud report list that stays on your credit report and makes it harder for people to create new credit cards or open accounts without providing legitimate identification in person. Finally, you should contact your local police or law enforcement organization and file an incident report to cover yourself should illegal activities happen!