What is Phishing?
What do you think is more likely to happen? A) Having a hacker steal your credit card information over the Internet and charge thousands of dollars on it the next day, or B) getting tricked online by a simple letter in your email box from a con man?
The answer is B—online con artists and tricksters are more likely to weasel money from us than hackers are. Even though hackers make more headlines these days with serious breaches of security, everyday computer users—like you, your sweet grandmother or your naive twenty-something—are more likely to get burned online by a convincing con artist.
How can con artists still trick people? Because they are very good at what they do and have been for thousands of years, long before the Internet came around. They use trickery and lies to gain your trust and steal your money. (Think of Adam and Eve and the serpent.)
If you don't know what to be on the lookout for, an online con artist can fool you when your guard is down. But if you learn some of their tactics and tricks, you can fend off their scams and save yourself—or your parents or grandparents—from a lot of trouble.
One of the tactics they use is called "phishing," an old, online con that's still a major problem even though people think they're smart enough not to fall for a scam.
Instead of using a rod and reel with a sardine on a hook to net a catch, the tricksters use misleading emails to attract your attention and lure you into their scheme. If you take the bait, the outcome could cost you thousands of dollars and a lifetime of regret and embarrassment.
One of the aspects that most of us like about the Internet—anonymity—is something that an online scam artist will use to their advantage. A con artist can pretend to be anybody they want to be. They don't need elaborate disguises as the characters on Mission Impossible do or false ID badges and credentials like the ones in Ocean's 11.
When it comes to phishing, all they need is an angle and a whole bunch of email addresses. They usually don't have a lot of technical savvy like a hacker does...they only need a low level of writing and computer-design skills to create emails and fake websites that look legitimate enough to fool you.
What does a "phish hook" look like?
The typical scam at play these days works something like this:
- You receive an email letter from your bank or credit card company that says your account has been compromised or that you need to update your information...or it will be closed.
- But it's not really from your bank. It's from a phisher hoping to catch you off guard with a very sneaky scam. They're savvy enough to use simple graphics (bank logos, etc.) to make it look legit.
- The fake email conveniently includes a link you can click on to resolve the problem ASAP, which you're told you need to do. If you do it, you're whisked to a Web page the con artist has designed and controls...he's reeling you in. On that page, you're asked to update your account information...username, password, etc.
- If you send/submit the update, you will have provided the phisher with all he needs to steal money, your identity or both.
Sometimes the phisher's goal isn't to steal account information—it's to gain access to a company's or government agency's private network. So instead of targeting a broad audience with a wide net, they'll target a select group of individuals with a message that appears to have come from either a coworker or a department within that organization, such as Human Resources or the payroll department. That's spear phishing.
How to stay safe.
Whether you're at home or at work, maintain a healthy attitude of doubt whenever you're asked to provide any kind of account information or are instructed to update your username and password. Take a long, close look at the source and verify that it's legitimate before you do anything.
That ounce of prevention could be worth the weight of your money.