Phishing - Avoid Becoming A Victim

Author: Rod  //  Category: Maintenance, Security, Vista


While it may not garner the attention that spam does, phishing is a much more serious problem than spam will ever be. Spam might be an irritant, but the whole purpose of phishing is out-and-out theft. When it’s financial information that someone’s after, it can at times be hard to determine whether an email is legitimate or a phishing scam. But we’ll go over a few ways you can tell if an email is what it actually claims to be, or whether it’s something you need to avoid.

Okay, So What Is Phishing?

Phishing is an attempt to acquire sensitive information about you or your financial dealings by fraudulent means. While the most common targets seem to be financial institutions such as banks or PayPal, phishing attempts can take other forms as well. They may masquerade as charities, for example, or claim to be from eBay. They may not even be carried out by email or instant messenger, but by telephone. Personally, I’d consider this to be more of a form of social engineering as opposed to phishing, but the result is the same in the end.

Essentially, it comes down to this. You’ll get an email, supposedly from your bank, claiming that they’re updating their system, or that a fraudulent attempt was made against your account, and that they need to verify your account information or your account will be disabled. They’ll provide a link, where you’ll be asked to provide all of your account information, including username, card number and password. Once you click the submit button on that page, though, it’s too late. Someone, somewhere is now in possession of your information, and probably within 24 hours or so, it’ll wind up being used in ways you never really intended.

What If You Get An Email?

Chances are, you will eventually get an email that turns out to be part of a phishing exercise. There are some obvious ways to tell if something is in fact legitimate or not.

First of all, if you get an email from a bank you’ve never heard of, asking you to verify your account information, that’s a phishing attempt. I’ve gotten emails from the Third First Bank of Phoenix, New York State Bank, and the Bank of America, and I can confirm with certainty that none of those banks have branches here in Canada. If the email is from a bank you’ve never heard of, just delete it.

But what if the email you get is from a bank you have heard of, or worse, if it’s from the bank you deal with? In this scenario, you have two options to safeguard yourself.

First of all, call your branch. Not at the number in the email, but at the number listed in the phone book, or the one you call all the time. But an even better option is to print out the email, drive down to your branch and ask the teller if the bank sent out any such email. Chances are the teller won’t know, but will either recognize the email for what it is, or will get someone higher up who will be able to say with certainty that no such email was sent from the bank. Problem solved. Because of this exact situation, please know that almost NO financial institution will send out any such email in this way. And if you do visit your branch and they confirm that, yes, they did send the email, it might be time to look for a new bank.

One thing to remember in a scenario such as this, though, is not to panic. It’s VERY unlikely that you were targeted specifically. Phishing attempts are randomly sent, like spam, and if one from your bank happened to get to your inbox, 99 times out of 100 it’s a complete coincidence.

There are a couple of other signs that what you’re reading might not be from where it claims to be. Most phishing scams originate outside of North America, and usually English is not the first language of the person who wrote the email. If it just doesn’t read the way you think it should, it’s probably a scam.

The last tip, although this one isn’t 100% fool-proof, is to hover your mouse over the link in the email, and look at the address in the bottom left-hand corner of your browser. Does it point to something other than your bank? Is the address banking.ru (for example) rather than royalbank.ca? Or is it just a series of numbers, like 12.36.221.45? That’s also a clue.
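
The same hover check, written out as code. This is an added example, not part of the original article: `checkLink` is a hypothetical helper, and `royalbank.ca.example.net` is a constructed address showing one reason the check needs care when the bank's name appears inside a different site's address.

```javascript
// Added example: compare where a link really points with the bank's own domain.
// checkLink and its result fields are hypothetical names, not a library API.

const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

function checkLink(href, expectedDomain) {
  const reasons = [];
  let url;
  try {
    url = new URL(href); // same parsing rules the browser applies to the link
  } catch {
    return { host: null, suspicious: true, reasons: ["not a parseable URL"] };
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const expected = expectedDomain.toLowerCase();

  if (IPV4.test(host) || host.startsWith("[")) {
    // "Just a series of numbers": a bank links to its name, not a raw address.
    reasons.push("host is a bare IP address, not a name");
  } else if (host !== expected && !host.endsWith("." + expected)) {
    // Only the END of the host name decides which site you reach.
    reasons.push(`host ${host} is not ${expected} or a subdomain of it`);
    if (host.includes(expected)) {
      reasons.push("bank's name appears in the host, but the site is a different domain");
    }
  }
  if (url.username) {
    // Anything before "@" is a login name and says nothing about the site.
    reasons.push("text before '@' is not the site address");
  }
  return { host, suspicious: reasons.length > 0, reasons };
}

// Sample links: the first three use the article's own addresses,
// the last one is constructed for illustration.
const samples = [
  "https://www.royalbank.ca/login",
  "http://banking.ru/verify",
  "http://12.36.221.45/login",
  "https://royalbank.ca.example.net/verify",
];
for (const link of samples) {
  const r = checkLink(link, "royalbank.ca");
  console.log(r.suspicious ? "SUSPICIOUS" : "ok", link, r.reasons.join("; "));
}
```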

If It Feels Suspicious, Go With That Feeling

In the end, if you get an email from a bank you’ve never heard of asking you to confirm your login information, just delete it. If it’s from your bank, check with them in person. But unfortunately there’s not much else to do other than to be aware that phishing is very active online.

Why do people do it? Simple. Because it works. The hit rate doesn’t need to be very high to make it potentially a very lucrative activity. The payoff is probably higher than it is for spam, and spam exists because enough people respond to it and purchase stuff from it to make it worth doing. Phishing is the same way.

But now that you’ve been enlightened about some of the things to look for, you’re way ahead in the game. Please don’t be a victim of phishing.