What is phishing?
With phishing identity theft, the scene of the crime is not a physical location—instead, it occurs in the digital realm. Phishing is an internet crime in which scammers prey on victims through deceptive communication, often emails, disguised to look like an email from a trusted source. The emails often express urgency and the need for the recipient to provide personal information such as their Social Security or credit card number.
For example, a phisher may send an email using a company or bank’s logo and pretend to be that company informing its customers that they must update their personal information to avoid a potential security breach or loss of access to their account. You need to be on the lookout for scams like this to protect your identity and your financial information.
Other identity theft scams
Along with phishing, vishing and pharming are similar crimes performed by digital scammers.
Vishing
Much like phishing, vishing is a scam in which the perpetrator pretends to be someone they are not to obtain a victim’s personal identification, credit card or bank account information, which they can then use to steal the victim’s money or identity in some way. Instead of being perpetrated through the internet, however, these scammers use the phone.
They call their victims and use manipulative and deceptive language to persuade them to give up personal information through a live phone conversation, recording or voicemail.
Pharming
Pharming is another cybercrime in which, as with phishing, scammers use the internet to illegally obtain or use a person or company’s data. These attackers, however, manipulate a website’s domain name system (DNS) server so that a correct link or domain name will be deceptively rerouted to the hacker’s own website.
This fake website may load harmful malware on the victim’s computer or imitate a real site to lure the victim into entering their login or other type of personal information, which the hacker then steals.
Signs of phishing
A story to convince you to click
One insidious thing about phishing is that the cybercriminals carrying out these attacks don’t just use technology or hacking skills to take advantage of their victims—they also attempt to use a person’s emotions and psychology against them.
These scammers will often develop a fake story to appeal to your emotions in the hopes that you’ll take whatever action they want you to take as soon as possible. This could be just about anything—for example, one of your accounts has been compromised or shows suspicious activity, you’ve won a contest, you’ve been caught in a crime you didn’t even know you committed or someone you know is in trouble and needs money right away.
Generic greetings
Fortunately, phishing scammers are often not as sophisticated or knowledgeable about who you are as they may want you to think. One sign of this is that they may use a generic greeting in their email to you instead of your name, as a true sender likely would. For instance, they may start the email by saying “Dear Customer” or “Dear Member” instead of your name.
Fake website links
Another sign of phishing to be on alert for in any email you receive is a fake website link, since unlike with pharming, phishers have typically not yet been able to hack into a DNS server to be able to reroute a correct link. If an email asks you to click on a link, make sure you take a close look at it first. Are there any misspellings, or does it end in the wrong domain name extension?
To know for sure, hover over any link with your cursor before clicking on it. The true domain address for the link will appear at the bottom of your computer screen.
An emphasis on urgency
If any email, voicemail, phone call or text message you receive comes with an urgent message saying you must do something soon or you’ll face a consequence of any kind, it’s important to be suspicious and not act immediately. Because an emphasis on urgency is a common tactic phishers use, the best move is to contact the supposed sender through another method to confirm the message is real or look for other signs of phishing.
How to protect yourself from phishing and other scams
Being aware of phishing and other cybercrimes is the first step to protecting yourself against them. There are also a few more proactive actions you can take.
Use security software
If you use the internet in any way, one of the best and easiest ways you can protect yourself from phishing and other scams is to use some sort of security software, such as virus protection software, on all of your devices. Many companies offer free versions, or you can pay for more robust protection through a monthly subscription.
Back up your data
To protect your important data, perform regular backups by copying files from your computer, tablets and phone to the cloud or an external hard drive. This way, if your computer or accounts are hacked, you can still access any information you need.
Be wary of surprise emails and phone calls
If you receive an unexpected email or phone call that seems out of the ordinary in any way, even if it appears to be from a trusted source, pause before reacting to any demands for money or requests for your personal information.
What can you do about phishing?
Unfortunately, phishing is prevalent and can’t always be avoided. The following tips are things you can do to protect yourself (and hopefully, others) from any further data breaches, identity theft or damage.
Report the email
If you receive a suspicious email that appears to be part of a phishing scheme, take steps to report the email to increase the chances of preventing others from falling victim to these attacks. You can forward the email to the Anti-Phishing Working Group at reportphishing@apwg.org or report the attack through the Federal Trade Commission (FTC) website. You can also file a complaint through the FBI’s Internet Crime Complaint Center (IC3).
Check your computer’s security
Along with ensuring you have security software running on your computer, there are several steps you can take to make your computer less susceptible to phishing attacks. These include:
- Creating strong passwords and keeping them in a safe place
- Turning on two-factor authentication on your devices, password managers and applicable websites
- Updating your computer and phone’s operating systems, web browsers and apps, since outdated software is more susceptible to hackers
Look out for identity theft
If any of your accounts, software or data has become compromised by phishers, you may not realize it at first. One way to stay more in control of your information and online identity, then, is to keep an eye out for identity theft. Fortunately, there are simple ways to learn if anything has gone awry.
- If you think you may have encountered a phishing attack or your data has been compromised in any way, visit IdentityTheft.gov to report your situation and obtain a recovery plan.
- Place fraud alerts on your credit reports so you’ll be notified if your credit score drops or changes.
- Regularly monitor your account and credit card balances.
If you find you have become a victim of identity theft, in addition to reporting any phishing attacks to the previously mentioned entities, contact your local police, your creditors and the credit bureaus. You may also want to work with a credit repair company, like CreditRepair.com, to get your credit back on track. Whatever you decide to do, do it fast—your credit profile will thank you.
