phish•ing
noun \ˈfi-shiŋ\
: a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly
What is Phishing?
You have probably received a phishing email. These are emails asking you to confirm your information, and often provide a link to a phishing website to do so. Phishing emails impersonating legitimate email services, banks or credit card companies are the most common. Some phishing emails ask you to reply to the mail with your personal information. Others provide you a link to a login page on a website.
Phishing websites are websites attempting to get your personal information such as your email password, bank account details, credit card information, and social security number.
What are the easiest ways to detect phishing, and if these website links you’ve been emailed are actually fraudulent phishing websites?
Legitimate email, banking, credit card, shopping, or other online services that require some type of login, or are asking for personal information, will always be done via a secured connection. When you visit the login page for your legitimate email or online banking service, look at the URL (web address). These legitimate sites with a secure login will be showing “https://”. Unsecured sites will not have the the “s” and will only be showing “http://”.
Next, look at the link in the email itself. Hover your cursor over it (Don’t click!) and see if the address showing up in the bottom left corner of your browser matches the URL of your legitimate email or bank. The link in the email may look like the right address, but if you clicked on it you would be redirected to a totally different address (site).
Or is it a jumble of letters and numbers? Does it have a misspelling? Say your real bank was “yourbank.com” for example, the fake phishing login site might show “yourbankk.net”.
If it’s an unsecured login or the address looks wrong DO NOT LOG IN!
If you’re unsure, exit your email and check with the legitimate service you use by going directly to their website as you usually would, and see if the email that you received was really being sent by them – DON’T click the link in the email. Most likely it was not, and it is phishing for your personal information.
If you’re worried that you’ve already been to one of these phishing websites and been fooled by the phishing login – Don’t panic. Simply change your password and think twice about clicking one of these links and logging in in the future. Guard your online information carefully, and don’t be caught by Phishing.