Personal Information Scams (Phishing)

The most popular and consequently the most dangerous form of e-mail fraud is “Phishing.” Phishing is any fraudulent attempt to obtain your private information, such as your user names, passwords, and credit card details, by someone posing as a legitimate organization through electronic messages, most typically e-mail or instant messaging. The first recorded use of the term “phishing” is thought to be in 1996, although the term also seems to have been used before that. A variant of “fishing,” it implies baiting someone to “catch” protected information. Social websites such as YouTube, Facebook, MySpace, Windows Live Messenger; auction sites such as eBay; online banks such as Wells Fargo, Bank of America, Chase; online payment processors such as PayPal; and e-mail services such as Yahoo have all been used by phishers to lure innocent consumers into revealing information that can be used fraudulently.

The main thing phishing e-mail messages have in common is that they ask for personal data, either by directing you to websites or by providing phone numbers for you to call, where you are then asked to supply it. Experiments have shown a success rate of more than 70% for phishing attacks on social networks, and the growth of phishing since 2004 is alarming.

Phishing e-mail messages may appear to be from a legitimate organization, such as your financial institution, or a retailer that you may have done business with previously. These e-mails often direct you to a website that mimics the legitimate website and ask you to “update” or “verify” your personal information, resulting in identity theft. Phishing e-mail often includes official-looking logos and other identifying information taken directly from legitimate websites, and it may include convincing details about your personal information that scammers found on your social networking pages.

Other forms of phishing e-mails include e-mails that warn you there is fraudulent activity on an account of yours and ask you to click through to verify your information, and e-mails that claim you will lose something such as a bank account. Phishing scams attempt to trick you into clicking through immediately by using messages that cause you to panic. Claims like these nearly always indicate a phishing scam, as responsible companies and organizations don’t take these types of actions by e-mail. If you think the message may be legitimate, type the company’s website address into your browser without clicking through from the e-mail, or contact the company at the telephone number on legitimate correspondence you have from the company to confirm whether the e-mail message is genuine.
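The indicators described above (a request to “update” or “verify” data, panic-inducing claims, and a link to a site that mimics the sender’s) can be checked mechanically. The following is an added example, not part of the original article; the phrase lists, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Wording drawn from the indicators described above; the exact lists are assumptions.
REQUEST_WORDS = ("update", "verify")
PANIC_WORDS = ("fraudulent activity", "immediately", "will be closed")

# Constructed sample message using reserved example domains, not a real e-mail.
SAMPLE = """\
From: "Example Bank" <alerts@bank.example>
To: customer@example.org
Subject: Fraudulent activity on your account
Content-Type: text/plain

We detected fraudulent activity. Verify your information immediately or
your account will be closed: http://bank.example.account-check.example.net/login
"""

def registrable(host):
    """Last two DNS labels; a simplification that ignores suffixes such as co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_indicators(raw):
    """Return (code, detail) pairs for each indicator found in a plain-text message."""
    msg = message_from_string(raw)
    # The From header is trivially forged, so a matching domain proves nothing;
    # only a mismatch is treated as a signal.
    claimed = registrable(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    body = msg.get_payload()
    text = " ".join((msg.get("Subject", "") + " " + body).lower().split())
    found = []
    for word in REQUEST_WORDS:
        if word in text:
            found.append(("asks-for-data", word))
    for phrase in PANIC_WORDS:
        if phrase in text:
            found.append(("panic-language", phrase))
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlparse(url).hostname or ""
        if claimed and registrable(host) != claimed:
            # Sender's name used as a prefix of someone else's domain: a mimic site.
            code = "lookalike-link" if claimed in host else "off-domain-link"
            found.append((code, host))
    return found

if __name__ == "__main__":
    for code, detail in phishing_indicators(SAMPLE):
        print(f"{code}: {detail}")
```

A clean result does not make a message safe; the check only surfaces the specific signals listed, and the advice above to reach the company through an address or number you already trust still applies.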