5 Frequently Asked Questions
Phishing is one of the most common types of fraud today. Internet fraudsters send an email or pop-up that looks official and prompts you to enter certain personal information. If you do enter the information, the fraudsters then use it to access your accounts, make payments in your name, or even steal your identity. Here are a few questions people often have about phishing and how it works.
How are phishers able to mimic official institutions?
Many people who fall prey to phishing legitimately think they are sending their information to their bank or an official company. Phishers do a really good job of posing as real businesses, but if you look closely, you can spot a few red flags:
- The website a link takes you to might have a misspelling. For instance, you may be taken to a phishing site called BlueBannk.com when you have an account with Blue Bank at BlueBank.com.
- The email address may not be from the actual company. For instance, the email may come from BlueBank@gmail.com (not an official email address) rather than customerservice@BlueBank.com.
Keep an eye out for these red flags, but also remember that banks and other real institutions generally do not request information via email or pop-up. If you see such a request, it is almost certainly a phishing attempt.
How do phishers get your email address?
Scammers sometimes hack the databases of smaller, less secure companies and get a list of their email contacts. They then sell these lists to other scammers who run phishing schemes.
Some phishers randomly generate email addresses and just send their messages out en masse. They may not have gotten your email address from anyone—they may just have "guessed" it. Usually, email addresses consisting of first and last names are most easily "guessed."
How much information can scammers get with one password?
Some phishing attempts simply prompt you to enter your username and password, often for a less-important site like a forum or a store website. You may assume it's not a big deal if someone gets into your account for a favorite store or forum, but phishers can get more out of this information than you know. They may try the same password and username on other more important sites, like your bank website, to try and gain access. They may also get your address and other information from the initial account and use that to access additional accounts and websites.
What should you do if you notice a phishing attempt?
If you recognize phishing, report it to the organization that the scammers are trying to mimic. Take a screenshot of the email or pop-up, and forward it to the relevant company. Most banks and larger institutions have security teams that will take action and contact the relevant authorities.
How can anti-virus software protect you from phishing?
Anti-virus and firewall software can help ensure scammers are not able to install spyware on your computer if you do accidentally click on a scam link. They can also prevent pop-ups from prompting you to enter your information. Most anti-virus programs embedded in email services these days are made to recognize phishing and "flag" suspicious emails, too.
It's so important to be able to recognize phishing and avoid scammers' attempts. By furthering your understanding of how phishing works, you can get a "leg up" on the scammers and avoid their attempts to steal your information. Knowledge is the best protection in this case.