What is a Phishing Scam?

I don't know if you've ever heard of Phishing before - but it's essentially what it sounds like. A fraudulent group of hackers, advertisers or scammers will write up an email that pretends to be from some well-known vendor. They then send out thousands of these emails all over the world, fishing for a response. The email will say something that is likely to elicit a reaction out of sheer habit. Examples include:

"Your purchase has been shipped, click here to track it"

"Your password is about to expire, click here to change it,"

"Your account is about to expire, click here to renew it,"

"Your order has been confirmed, click here to view it."

Obviously getting you to "click here" is the scammers' objective. The link usually leads to some form of advertising. If it's exceptionally nasty, the link goes to a download for a Trojan Horse or some other kind of Malicious program. If it's exceptionally deceptive, the scammers have gone through the trouble to make a fake web page.

But the Log-in Page looks Genuine

Remember that a web page is mostly just images and text. Given some time, it's not difficult to make a page that looks just like your Bank's log in page. If the victim takes the time to investigate, they'd see that the page is just a front: it wouldn't work right or some security measure would be out of place. Often, the links on scam page work though because all the scammers have to do is make a set of fake pages to support the main one or just link to the real thing.

Whether or not the page stands up to scrutiny doesn't matter. The urgent nature of the email pomps people to not take a second look, just go straight to the login field that the scammer has provided. As long as the unscrupulous vendors keep a victim there long enough to get a username and password, they win!

Usually the intent is steal money, not hurt the victim's computer. That's why Phishing always uses names you'll recognize: Bank of America, Skype, Facebook, Twitter, Amazon, Paypal, Ebay, etc.

The Best Ways to Tell a Scam

1. Real Companies Don't link to their log-in.

Reputable alerts from companies you trust never link you to their site. They'll just say, please visit the log in page and log in. They know that scammers use the link-to method, so the real companies don't do that.

2. Real Companies Don't Attempt to Scare You or Bribe You

Even if something is legitimately wrong with your bank account or your account status, the legitimate practice is to use non-volatile language that is non-specific as to the nature of the problem. They say simply “there is a problem” or “your attention is required.”

Of course, scammers learn fast and they've started using these methods as well, so you must be cautious. Still it's easy to avoid subject headings that seem just a little too frightening, examples include

"Your identity has been stolen!"

"Your computer is infected!"

"There's been a large withdrawel from your bank account!"

Or that seem good on the surface but are probably too good to be true:

“You've won $”

“You're money transfer is confirmed”

“You're order is confirmed, need payment!”

“So&So has a crush on you!”

“So&So wants to meet you!”

3. Real companies don't send you emails unless you ask for them.

It's good to keep track of what businesses you've given your email to. And if you have more than one email address, remember which buisnesses go to which. Today people sign up for emails all the time, coupons, special offers, news briefs – all of these kinds of emails have one thing in common; they aren't tied to a paid account. So if you know that the email list you've signed up for only gives out coupons, they have no business asking for money.

Of course, if you get emails from what seems to be a trusted vendor but you can't think of how that vendor got your address, then it's likely a scam. What's the best way to find out? Call. Visit a store. Do anything where you talk to a person. In these situations, the person can tell you if you have an account or if you don't and then you'll know whether the emails your getting are legit or not. An added bonus: if you don't want your name on the email list, the person can often remove it for you.

Getting a feel for email scams is usually is the best way to evade them. Emails that are very "urgent" are no more to be trusted than junk mail that says "open immediately." Recognizing some of the principles that legitimate companies use helps you to avoid these problems.