Phishing is a scam in which the attacker sends an email purporting to be from a valid financial or eCommerce provider, which generally looks and feels much like the valid eCommerce or banking site.
Often phishing spam messages will use legitimate 'From:' email addresses, logos, and links to reputable businesses such as Citibank, PayPal, eBay in the message. But the message instructs you to click on a web link that sends you to a fake website where you are asked to provide personal information such as your name, address, phone number, date of birth, and bank or credit card account number. Providing this kind of information can leave consumers at risk for identity theft.
We may see the phishing scam in the e-mail messages, social networking website, fake website that accepts donations for charity, instant message program and even on your cell phone or other mobile devices.
Fake, copycat Web sites are also called spoofed Web sites. They are designed to look like the legitimate site, sometimes using graphics or fonts from the legitimate site. They might even have a Web address that's very similar to the legitimate site you are used to visiting.
These are few examples of phishing scams:
The attacker claims to be acting in the interests of safety and integrity for the online banking community. Of course, in order to do so, you are instructed to visit a fake website and enter critical financial details that the attacker will then use to disrupt the very safety and integrity they claim to be protecting.
This eBay phishing email includes the eBay logo in an attempt to gain credibility. The email warns that a billing error may have been made on the account and urges the eBay member to login and verify the charges.
Prevention Methods
It is easy to uncover a crude phishing scam. For example, if you get an email from a bank you’ve never opened an account at, then don’t follow the link and enter your personal information. Now, if you actually have an account at the institution it gets more interesting.
Besides that, user must avoid filling out forms in e-mail messages. You can't know with certainty where the data will be sent and the information can make several stops on the way to the recipient.
If you click on a link in an e-mail message from a company be aware that many scam artists are making forgeries of company's sites that look like the real thing. Verify the legitimacy of a web address with the company directly before submitting your personal information.
Here are some common phrases where e-mail message or phone message may be a phishing scam:
"Verify your account."
Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail.
"You have won the lottery."
The lottery scam is a common phishing scam known as advance fee fraud. One of the most common forms of advanced fee fraud is a message that claims that you have won a large sum of money, or that a person will pay you a large sum of money for little or no work on your part. The lottery scam often includes references to big companies, such as Microsoft.
"If you don't respond within 48 hours, your account will be closed."
These messages convey a sense of urgency so that you'll respond immediately without thinking. A phishing e-mail message might even claim that your response is required because your account might have been compromised.
The best way to avoid becoming a phishing scam victim is to use your best own adjustment. No financial institution with any sense will email you and ask you to provide all of your sensitive information. In fact, most institution are informing customers that “ we will never ask you for your personal information via phone or email.