Phishing scams are commonly initiated via e-mail. Phishing is a fraudulent means of obtaining someone’s username and password. The con artist/identity thief sends an e-mail that appears to originate from a bank, credit card company, or other such company warning of a serious issue you must address right now by clicking a link and logging into your account. The link takes you to an official-looking site complete with text boxes for entering your username and password. If you enter this sensitive information, the con artist has what he or she needs to log in to your real account.
To avoid falling victim to e-mail phishing scams, take the following precautions:
- Play it safe and go to the website yourself without clicking the e-mail or a link in the message. (You should be able to identify the website from the subject line or the address from which the e-mail originated.) If the website is legitimate and the message did in fact originate from it, you should be able to find something on the website about it; otherwise, it’s most likely a scam.
- If your e-mail program features phishing protection, enable it. Check your e-mail program’s help system for details.
- Be aware that most legitimate companies do not send alarming e-mail messages with links to click to resolve issues. If you receive such a message, it’s probably not from the source it claims to come from.
- Mouse over the link and look in the status bar at the bottom of the window to see the address the link will take you to. Chances are, the link indicates one destination while the address takes you somewhere else entirely. This is a sure sign of a phishing scam.
- If you think the e-mail message is legitimate, head to the company’s website to obtain legitimate contact information, and then contact the company to verify that someone at the company sent the message.
- If you determine that an e-mail message is fraudulent, report it to the legitimate company from which it supposedly originated so the company can take action.
Phishing scams are most common but not exclusive to e-mail. Con artists may try to obtain login information in chat rooms, via instant messaging programs, and in social networking venues (including Facebook). A good rule of thumb is this: provide sensitive information only if you initiated contact.