What is Phishing

Phishing is a method of identity theft carried out through the creation of a fraudulent website, email or text appearing to represent a legitimate firm. A scammer may use a fraudulent website that appears on the surface to look the same as the legitimate website. Visitors to the site, thinking they are interacting with a real business, may submit their personal information, such as social security numbers, account numbers, login IDs and passwords, to this site. The scammers then use the information submitted to steal the visitors money, identity or both, or sell the information to other criminal parties.

Phishing may also occur in the form of emails or texts from scammers that are made to appear as if they are sent from a legitimate business. These fake emails or texts may install programs like ransomware that can allow scammers to access a victim's computer or network.

1:35

What Is Phishing?

BREAKING DOWN Phishing

Phishing scammers create a false sense of security for their targets by spoofing or replicating the familiar, trusted logos of well-known, legitimate companies, or they pretend to be a friend or family member of their victims. Often, the scammers attempt to persuade victims they need personal information urgently, or the victim will experience a severe consequence, such as frozen accounts or personal injury.

A classic example of phishing is an identity thief setting up a website that looks like it belongs to a major bank. Then, that thief sends out many emails that claim to be from the major bank and request the email recipients to input their personal banking information (such as their PIN) into the website so the bank may update their records. Once the scammer gets a hold of the needed personal information, they attempt to access the victim's bank account.

Protecting Yourself from Phishing Attacks

The following highlights signs of phishing, and how to protect yourself.

  1. Exceptionally good deals or offers. If an email touts offers that are too good to be true, they probably are. For example, an email claiming you've won the lottery or some other lavish prize may be luring you in to get you to click a link or relay sensitive personal information.
  2. Unknown or unusual senders. Though phishing emails may look like they originate from someone you know, if anything seems out of the ordinary, be cautious. When in doubt, hover over the email address of the sender to ensure the email address matches the email address you expect. Place a phone call to the company if you are unsure of an email or website. Don't respond to emails with any personal information.
  3. Hyperlinks and attachments. These are particularly concerning if received from an unknown sender. Never open links or attachments unless you are confident they are from a safe sender. Type in the link address rather than clicking the link.
  4. Incorrect spelling in the web address. Phishing sites often use web addresses that look similar to the correct site, but contain a simple misspelling, like replacing a "1" for an "l".
  5. Immediate pop-ups. Be wary of websites that immediately display pop-up windows, especially those asking for your username and password. Use two-factor authentication, a browser with anti-phishing detection and keep security on your systems up-to-date.