What Is Phishing?
Phishing is a method of identity theft that relies on individuals unwittingly volunteering personal details or information that can be then be used for nefarious purposes. It is often carried out through the creation of a fraudulent website, email, or text appearing to represent a legitimate firm.
A scammer may use a fraudulent website that appears on the surface to look the same as the legitimate website. Visitors to the site, thinking they are interacting with a real business, may submit their personal information, such as social security numbers, account numbers, login IDs, and passwords, to this site. The scammers then use the information submitted to steal visitors' money, identity, or both; or to sell the information to other criminal parties.
Phishing may also occur in the form of emails or texts from scammers that are made to appear as if they are sent from a legitimate business. These fake emails or texts may install programs like ransomware that can allow scammers to access a victim's computer or network.
- Phishing is a type of data theft that involves people unknowingly volunteering their personal information to a bad actor.
- A phishing attempt may utilize an official-looking website, email, or other forms of communication to trick users into handing over details like credit card numbers, social security numbers, or passwords.
- Phishing websites can appear identical to official websites, prompting users to input their real credentials on the malicious website.
What Is Phishing?
Phishing scammers create a false sense of security for their targets by spoofing or replicating the familiar, trusted logos of well-known, legitimate companies, or they pretend to be a friend or family member of their victims. Often, the scammers attempt to persuade victims they need personal information urgently, or the victim will experience a severe consequence, such as frozen accounts or personal injury.
A classic example of phishing is an identity thief setting up a website that looks like it belongs to a major bank. Then, that thief sends out many emails that claim to be from the major bank and request the email recipients to input their personal banking information (such as their PIN) into the website so the bank may update their records. Once the scammer gets a hold of the needed personal information, they attempt to access the victim's bank account.
Phishing scams are some of the most common attacks on consumers. According to the FBI, more than 323,972 people fell victim to phishing scams in 2021. Collectively, they lost $44.2 million.
Protecting Yourself from Phishing Attacks
The following highlights signs of phishing, and how to protect yourself.
- Exceptionally good deals or offers. If an email touts offers that are too good to be true, they probably are. For example, an email claiming you've won the lottery or some other lavish prize may be luring you in to get you to click a link or relay sensitive personal information.
- Unknown or unusual senders. Though phishing emails may look like they originate from someone you know, if anything seems out of the ordinary, be cautious. When in doubt, hover over the email address of the sender to ensure the email address matches the email address you expect. Place a phone call to the company if you are unsure of an email or website. Don't respond to emails with any personal information. (See the image below for an example of an unusual sender's email address).
- Hyperlinks and attachments. These are particularly concerning if received from an unknown sender. Never open links or attachments unless you are confident they are from a safe sender. Type in the link address rather than clicking the link.
- Incorrect spelling in the web address. Phishing sites often use web addresses that look similar to the correct site, but contain a simple misspelling, like replacing a "1" for an "l".
- Immediate pop-ups. Be wary of websites that immediately display pop-up windows, especially those asking for your username and password. Use two-factor authentication, a browser with anti-phishing detection, and keep security on your systems up-to-date.
According to the Federal Trade Commission (FTC), phishing emails and text messages frequently tell stories to trick people into clicking on a link or opening an attachment. For example, phishing attempts may:
- Say they've noticed suspicious activity or log-in attempts on your account
- Claim there's a problem with your account or payment information
- Say you need to confirm or update personal information
- Include a fake invoice
- Ask you to click on a link to make a payment
- Claim you're eligible to sign up for a government refund
- Offer a coupon for free goods or services