Identity Theft & Scam Guide: Phishing Scams

In our in-depth guide on how to protect yourself from identity theft, we mentioned various different methods that fraudsters get access to your info. With this info, they can do all manner of things, including taking our loans, opening credit cards, and even using your name to commit fraudulent acts. Fraudsters can get your information from data breaches committed by hackers. Another method that thieves use to get your info is a tactic called phishing.

You’ve undoubtedly come across phishing scams in the past. One common one that the author got just this past week was a scam email from someone pretending to be from Amazon. They claimed that a purchase was made for a very high dollar amount. The email included a phone number that one could call in order to issue a refund. The author did not call the number as he recognized it as a scam, but upon calling the number, the person on the phone would have likely asked him to provide sensitive personal information. This information could have included banking or credit card information, which could then be used to withdraw money or charge the card.

So now that you’ve seen one example of a phishing scam, what are phishing scams in general? What do phishing scammers hope to achieve? And, most importantly, how can you recognize them when you see them and avoid falling victim to them?

What Are Phishing Scams & How Does Phishing Work?

Phishing (pronounced like “fishing”) is a type of scam where the fraudster pretends to be a legitimate entity in order to trick the user into providing sensitive or personal information. The origin of the name is uncertain, however it is said to have been coined by a hacker named Khan C. Smith back in the 1990s. Phishing had been known before this, and steps had been taken to prevent it.

The way phishing works depends entirely on the medium. However, the typical strategy is to pose as a legitimate entity, give a user a reason to reply, interact with, or contact them, and then ask the victim to provide sensitive information. Phishing can also be used to get users to install malware on their computers, including ransomware, a type of malware that locks down a user’s computer & requires the user to pay a ransom to regain access to their computer and files.

Phishing, at its core, is a con. It works because the fraudster is relying on the victims trust that the request, and the source of that request, is legitimate. Fraudsters use social engineering to convince the victim that they are the real organization, and from there they build enough trust to collect information that can be used or sold.

Phishing is the most common type of cyberattack, and victims of phishing range from normal law-abiding citizens to large multinational companies and sovereign governments. It’s a serious enough issue that it is considered a major threat by the United States government, and fraudsters found to be engaging in phishing can be charged with fraud and sentenced to prison time.

What Does Phishing Look Like?

The most common phishing tactic is the phishing email. They send an email with a request or problem that sounds like it could be serious, then they instruct you to click a link in order to rectify the problem or answer the request.

Phishing has changed surprisingly little over the lifetime of the Internet, however certain phishing tactics have gotten much more sophisticated. For example, many phishing techniques via email involve spoofing the email address (using an email address that appears to be from a legitimate entity, such as [email protected]) and creating emails that are designed to look just like emails sent from the real company. Not all phishing attempts do this, however.

Another very common method of phishing is sending links to fake websites that look like a real one. For example, if a phishing email is pretending to be from Chase Bank, they might include a website with a URL that looks suspiciously similar to Chase Bank’s actual website address. The website might look a lot like Chase Bank, and when you try to log in, it’ll take your login information.

Phishing can also be done over text, via instant messaging apps such as Facebook Messenger or WhatsApp, or even through snail mail. If you receive a text from an unknown number that tells you to visit a specific website for any reason, it might be a phishing link.

How Do You Avoid Phishing Scams?

  • Like the author at the beginning of the article, if you get a receipt from “Amazon” and you didn’t purchase anything, don’t trust the email. Do NOT click on the link and do NOT call any phone numbers in the email! Instead, go to the Amazon website and check for yourself.

    Clicking links from unknown emails or text messages can be dangerous as clicking a link can cause your computer to download malware from the website. If you’ve already clicked the link, you will want to perform a virus scan just in case, and you’ll want to check your information on a different device. Clear your browsing data, change your email passwords, and report the email as phishing or as a scam.

  • Always Check The URL Of The Website You’re On:

    Many phishing attacks happen because the victim types in a misspelled URL, or clicks on a link with a misspelled URL. By going to the URL bar at the top of your screen, you can see the real URL of the website you’re on. To do this on most mobile devices, you can click anywhere on the screen that isn’t already clickable.

    If you find that the website you’re on is not the right one, exit out of that site immediately. You may also want to perform a virus scan.

Always Check The URL Of The Website You’re On:

Companies and organizations know that phishing scams are common and are used to steal identities and money from unsuspecting victims. By contacting the actual company (through their website, and using their systems), they will be able to tell you whether or not a message you received was real.

One common phishing scam comes from fraudsters pretending to be the IRS. The IRS will never call you, they will never text you, and they will never request sensitive information from you. If you have a question about your tax situation or about something you received, you can call the IRS (they won’t call you first).

Identity theft is a serious matter, and should not be taken lightly. However, it is largely preventable and by following these seven tips, you could prevent getting your identity stolen by a stranger. Check out The Credit Pros’ ebook about 7 proven ways to prevent identity theft!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.