Email Phishing scams are carried out online by tech-savvy con artists and identity theft criminals. They use spam, fake websites constructed to look identical to real sites, email and instant messages to trick you into divulging sensitive information, like bank account passwords and credit card numbers. Once you take the phisher's bait, they can use the information to create fake accounts in your name, ruin your credit, and steal your money or even your identity.
Phishing has evolved. Learn 11 ways hackers are angling for your data and how to protect yourself in this guide.
I Responded to a Phishing Email. Now What?
If you’ve responded to a phishing scam, the attacker can possibly:
- Hijack your usernames and passwords
- Steal your money and open credit card and bank accounts in your name
- Request new account Personal Identification Numbers (PINs) or additional credit cards
- Make purchases
- Add themselves or an alias that they control as an authorized user so it's easier to use your credit
- Obtain cash advances
- Use and abuse your Social Security number
- Sell your information to other parties who will use it for illicit or illegal purposes
How did a phishing scam find me?
This style of identity theft is extremely widespread because of the ease with which unsuspecting people share personal information. Phishing scams often lure you with spam email and instant messages requesting you to "verify your account" or "confirm your billing address" through what is actually a malicious Web site. Be very cautious. Phishers can only find you if you respond.
How will I know if I've been phished?
Phishers often pretend to be legitimate companies. Their messages may sound genuine and their sites can look remarkably like the real thing. It can be hard to tell the difference, but you may be dealing with a phishing scam if you see the following:
- Requests for confidential information via email or instant message
- Emotional language using scare tactics or urgent requests to respond
- Misspelled URLs, spelling mistakes or the use of sub-domains
- Links within the body of a message
- Lack of a personal greeting or customized information within a message. Legitimate emails from banks and credit card companies will often include partial account numbers, username or password.
How can I protect myself from phishing?
When you arm yourself with information and resources, you're wiser about computer security threats and less vulnerable to phishing scam tactics. Take these steps to fortify your computer security and get better phishing protection right away:
- Do not provide personal information to any unsolicited requests for information
- Only provide personal information on sites that have "https" in the web address or have a lock icon at bottom of the browser
- If you suspect you've received phishing bait, contact the company that is the subject of the email by phone to check that the message is legitimate
- Type in a trusted URL for a company's site into the address bar of your browser to bypass the link in a suspected phishing message
- Use varied and complex passwords for all your accounts
- Continually check the accuracy of personal accounts and deal with any discrepancies right away
- Avoid questionable websites
- Practice safe email protocol:
- Don't open messages from unknown senders
- Immediately delete messages you suspect to be spam
Make sure that you have the best security software products installed on your PC for better phishing protection:
- Use antivirus software protection and a firewall
- Get antispyware software protection
An unprotected computer is like an open door for email phishing scams. For a more potent form of protection, use a spam filter or gateway to scan inbound messages. Products like Webroot SecureAnywhere® Internet Security Complete thwart dangerous malware before it can enter your PC, stand guard at every possible entrance of your computer and fend off any spyware or viruses that try to enter, even the most damaging and devious strains. While free anti-spyware and antivirus downloads are available, they just can't keep up with the continuous onslaught of new spyware strains. Previously undetected forms of spyware can often do the most damage, so it's critical to have up-to-the-minute, guaranteed protection.