Identifying and Reporting Phishing Scams

What is a phishing scam? Phishing is a type of internet criminal activity where a target receives an email supposedly from his or her bank or other trustworthy business or person. Believing the email to be legitimate, targets may follow the links contained in the email that eventually leads to giving away critical personal identity or financial information.

Usually these emails will tell the recipient that they must update their personal information or that someone has tried to access their account. The second approach helps to distract the target with worry in the hopes that he or she will then be less aware of just where the links are pointing to.

Phishing scam emails will often contain official logos. Usually these logos are even called from the official site’s server. Not only does this lend credibility if a target is to check on the image location, but saves the scammers hosting fees.

How do I spot a phishing scam email?

This is really pretty simple. First of all, never –I repeat, NEVER send personal or financial information via email. If a legitimate company needs such information they can provide you with a secure website where it’s safe to input sensitive information.

Secure website address begin with “https” rather than the regular “http”. When targets visit the phishers’ website, they’ll be greeted with a clone of the actual website. Here they will be asked to input their login, personal or financial information.

Don’t let hyperlink text fool you

When you’re scanning an email that you believe may be a phishing scam, skip right to the hyperlinks. Does the link point to the official website of the company, such as http://ebay.com? Don’t let the text fool you. Scammers can make a link pointing to one site and then have the visible text say anything they want it to. For example, the link may say http://ebay.com, but if you right click and check the hyperlink’s properties you’ll see that it goes to a different website altogether.

Look closely at the address because phishing scammers will often try their best to come up with domains that look similar to the official website’s domain. Using the same eBay example, the hyperlink properties may reveal that you’ll be traveling to some site such as ebay.target.com. Remember, the last part xxxx.com is the actual domain. Just because the official company name is in the address doesn’t mean it’s legit.

Reporting or verifying an email as phishing

Almost all large websites that deal with personal or financial information have an email address to which you should forward any suspicious email. The default address is spoof@company-name.com . For example, I receive several phishing emails each week from scammers impersonating PayPal. I forward these emails to spoof@paypal.com. They are quick to respond with verification that the email did not come from them. This is also a good tactic to help protect others from these same scammers.