How phishing works
Phishing occurs when a scammer, posing as a trusted company or individual, sends you a legitimate-looking email asking you to confirm or update your information. A link is often provided in the email “for your convenience.” However, the link takes you to a fraudulent website where all of the information you enter—passwords, Social Security numbers, account numbers, etc.—is recorded for the purpose of defrauding you.
Common types of phishing emails
*Asking you to reply with confidential information: Fraudsters commonly send emails that appear to come from a source you know, such as a company you do business with (like your bank or insurer), an online retailer you make purchases from (such as Amazon or the Apple Store), or even a government organization (such as the IRS). In the email, the message asks you to reply with confidential information, such as your account number or Social Security number. Often these emails can be very convincing, with logos, content and supporting links from legitimate sites. Even the “From” address can be masked to make the email look like it’s from a company you trust. Always remember that a legitimate source will never ask you to reply to an email with confidential information.
*Asking you to click on a link: Another common phishing attempt includes a malicious link in the email—but the link looks credible. For example, similar to the scenario above, you could receive an email that appears to be from a trusted source, and the email asks you to click a link to verify your information. The email may express urgency, stating that you need to verify your information as soon as possible because an unauthorized party tried to access your account. However, when you click that link, you’re sent to a fraudulent website that looks like a site you trust. On that page, any information you enter is sent straight to the scammer—without your knowledge.
*Asking you to open an attachment: Phishing email scams may also include an attachment that, when opened, is capable of stealing confidential information from your computer. Just like the two examples above, you could receive an email that looks like it’s from a trusted source, with a message asking you to open the attachment to obtain information about your account. Opening that attachment, however, would give fraudsters access to your email account, contacts and other personal information. If in doubt about opening an attachment received via email, always call or contact the source in a separate channel to verify the attachment’s authenticity.
4 simple rules to help protect yourself
Keep these four points in mind to better protect yourself against email fraud:
- Never send sensitive personal or financial information through email.
- Don’t open email attachments unless you trust the source.
- Don’t follow links in an email asking for sensitive personal or account information, even if the source looks familiar.
- Ask questions. If you’re suspicious, call the company that the email appears to be from, and ask about the message.