What is Phishing and How to Avoid It

As computers become entrenched parts of our lives like television, users have to become more and more aware of computer security. Specifically, you need to know how identity thieves can rip you off using your computer.

One of the most common ways is phishing.

Phishing Defined

Phishing is the criminally fraudulent practice of soliciting sensitive personal information from computer users. This could include, but not be limited to; passwords, usernames, credit card numbers or other financial data. The key is that phishing pretends to be a trusted entity while doing this.

They use communications that seemingly originate from banks, social networking sites, online payment and other sites (including the IRS) that appear legitimate.

The communication usually comes in emails or instant messages that contain links. The links or urls are usually misspelled variations of legitimate websites.

Once you get there however, the websites do appear to be the real thing—the IRS, an online payment or a financial institution site.

The actions the email is requesting you to perform are to “confirm your billing information” or that you need to “verify your account.” The reason is “for your security” or that there is a “problem with your account.”

Once you click on the link, the site typically instructs you to enter personal or financial details like:

    • Bank account numbers
    • Credit card numbers
    • Your social security number
    • Your password

If you enter this information, then you’re a victim of phishing.

Avoiding Phishers

You can avoid becoming a phishing victim by practicing some internet savvy techniques that will help you weed out the phishers:

  • Almost every legitimate email will contain some information not available to phishers. For example, PayPal always uses the customer name in their communications. So, if an email from PayPal stated: Dear PayPal Customer, it’s probably a phishing attempt
  • Type the legitimate address of the institution you received the email from into the URL bar instead of clicking on a link in the email
  • Look for misspellings or poor grammar in the communication
  • Check the email address to see that it is from the legitimate institution—not gmail or some spelling variation of the real company
  • Use anti-virus, anti-spyware, anti-malware and a firewall. They can prevent phishing emails or pop-ups from entering your computer.
  • Never email a credit card number or your social security number to anyone

If you do receive a phishing email, forward it to the legitimate institution so they can deal with it.