Phishing is a form of online fraud in which fake websites and messages are used to trick people into handing over sensitive information such as login details, card numbers and one-time verification codes. Banks, payment services and other businesses that hold this kind of data are the brands most often impersonated, and their customers are the people targeted.
How phishing works
The most common form of phishing is a near-identical copy of a legitimate company's website. The fake site is hosted on a server the phisher controls, and anything a visitor types into it, such as a username, password or card number, is captured. It can be very difficult to tell the real site from the copy, particularly when the phisher registers an address that closely resembles the genuine one: a transposed or substituted letter, a digit in place of a letter (paypa1 for paypal), or the real company name placed in front of an unrelated domain. Such differences are easy to spot once you look for them, but easy to miss at a glance.
A link to the fake website is typically sent in an email claiming that the recipient must update, confirm or change their account details. That request is itself a strong warning sign: very few legitimate companies ask their customers to manage sensitive data by following a link in an email.
So-called IDN domains (internationalised domain names, which may contain characters outside the ASCII range) are increasingly used by phishers. Letters from other scripts, such as the Cyrillic а, е, о and р, are drawn almost identically to their Latin counterparts, which makes it possible to register an address that is visually indistinguishable from the real one (a homograph attack). The browser stores and transmits such a name in its punycode form, which begins with xn--, so looking at that form is one reliable way to tell a lookalike from the real domain.
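The two kinds of lookalike address described above (misspellings and subdomain tricks, and IDN homoglyphs) can be checked mechanically before a link is followed. The Python script below is an added example written for this article, not code from the original page: it decodes punycode hosts with the standard library's idna codec, flags labels that mix scripts, folds a small subset of Unicode confusables into the ASCII letters they imitate, and compares the result against a constructed allow-list. The KNOWN_GOOD hosts, the CONFUSABLES table and every URL in it are assumptions made for illustration. Note that the all-Cyrillic case passes the mixed-script check, which is why the skeleton comparison is also needed.

```python
"""Lookalike-domain checks for a link pulled out of an email.

Added example for this article (not code from the page); the KNOWN_GOOD
list, the confusables subset and every URL below are constructed.
"""
import unicodedata
from urllib.parse import urlsplit

# Hosts the reader actually banks/shops with (constructed allow-list).
KNOWN_GOOD = {"example-bank.com", "apple.com", "paypal.com", "amazon.com"}

# Characters that render like ASCII letters, mapped to the letter they
# imitate. Small subset of the Unicode TR39 confusables data.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",  # Cyrillic
    "\u04bb": "h", "\u04cf": "l",                                  # Cyrillic
    "\u03b1": "a", "\u03bf": "o", "\u03c1": "p",                  # Greek
    "0": "o", "1": "l",                                            # digits
}


def host_of(url: str) -> str:
    """Lower-cased host part of a URL, without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def to_unicode(host: str) -> str:
    """Decode punycode (xn--) labels so IDN homoglyphs become visible.
    A host that already contains Unicode is returned unchanged."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host


def scripts_of(label: str) -> set[str]:
    """Scripts used by the letters of one label, read from the character
    names ('CYRILLIC SMALL LETTER A' -> 'CYRILLIC')."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}


def skeleton(host: str) -> str:
    """Fold confusables to the ASCII letters they imitate, plus the classic
    'rn' -> 'm' substitution, so that lookalikes compare equal."""
    folded = "".join(CONFUSABLES.get(c, c) for c in unicodedata.normalize("NFKC", host))
    return folded.replace("rn", "m")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, single-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(url: str) -> dict:
    """Classify the host of a URL against KNOWN_GOOD."""
    host = host_of(url)
    shown = to_unicode(host)                    # what the address bar shows
    mixed = any(len(scripts_of(lab)) > 1 for lab in shown.split("."))
    result = {"host": host, "displayed": shown,
              "is_idn": any(ord(c) > 127 for c in shown),
              "mixed_script": mixed, "lookalike_of": None,
              "verdict": "unknown host"}
    if shown in KNOWN_GOOD:
        result["verdict"] = "known-good"
        return result
    for good in sorted(KNOWN_GOOD):
        if shown.startswith(good + "."):        # brand used as a subdomain
            reason = "brand name in subdomain"
        elif skeleton(shown) == skeleton(good):  # homoglyph, 0/1 or rn/m swap
            reason = "confusable characters"
        elif edit_distance(shown, good) == 1:   # one-character typo
            reason = "misspelling"
        else:
            continue
        result["lookalike_of"] = good
        result["verdict"] = f"lookalike of {good} ({reason})"
        return result
    if mixed:
        result["verdict"] = "suspicious: mixed-script label"
    return result


if __name__ == "__main__":
    for u in ["https://example-bank.com/login",
              "http://xn--pple-43d.com/",          # Cyrillic 'а' + Latin 'pple'
              "https://xn--80ak6aa92e.com/",       # all-Cyrillic 'аррӏе'
              "https://paypa1.com/verify",
              "https://paypai.com/verify",
              "https://arnazon.com/signin",
              "http://paypal.com.login-verify.net/"]:
        r = assess(u)
        print(f"{u:42} -> {r['displayed']:16} {r['verdict']}")
```

The punycode forms are what a browser sends on the wire even when it displays the Unicode name, so a mail gateway or link scanner can apply the same checks to the raw URL without rendering anything. The confusables table here is deliberately tiny; a production check would load the full TR39 confusables data and the organisation's own brand inventory.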
How to protect yourself from phishing
Never follow links from suspicious emails like those described above. Instead, open the company's website from a bookmark you saved earlier, by typing the correct address directly into the browser's address bar, or by searching for it; in the last case check the address of the result before logging in.
Banks and other companies you are a customer of will not normally ask you to log in and change your user information by email. If you receive an email making such a request, contact the company directly to verify it, using a phone number or address from your card, a statement or the company's own website, not one taken from the email.
A legitimate email that asks you to take a specific action usually includes some personal detail, such as your account name or the first digits of your card number. The absence of such a detail is a reason for caution, but its presence proves little: a phisher working from a leaked customer list can include the same details, so do not treat this as proof that a message is genuine.
Always use an up-to-date browser. Modern browsers include built-in phishing protection that checks the sites you visit against a database of known phishing addresses and displays a warning if a site is flagged. This only catches sites that have already been reported, so a freshly registered phishing domain may not trigger a warning; treat the warning as a last line of defence rather than the first.
Further reading
- http://en.wikipedia.org/wiki/Phishing – Wikipedia article on phishing.
- http://www.millersmiles.co.uk/scams.php – Gallery of phishing examples.