Experienced computer users know what phishing is – any attempt to con users into handing over sensitive information, including usernames and passwords. However, many computer users still get fooled by phishing emails. To protect yourself, you need to know what a phishing email looks like. Here’s a screen shot of one I recently received claiming that my PayPal account had been compromised.
As you can see, the email includes a link that appears to be a link to the official PayPal Website at www.paypal.com. However, when I point to the link, I can see the real address it points to by looking in the status bar at the bottom of the email window. As you can see, the address is far different than the one shown in the body of the email. Using this same technique, you can quickly identify most scams.
If you click the link in a phishing email message, two bad things happen:
- You notify the sender that you received the message and that the email address they have on file for you is legitimate. You’re now likely to get more junk mail and expose yourself to more attempts at defrauding you.
- You open an illegitimate website in your browser. Any data you enter on the site is passed along to the con artists who want to scam you.
If you receive an email such as this, don’t click anything. You can delete the message or forward it to the security department of whatever company the email claimed to have come from. For example, if you receive a suspicious email message claiming to have come from PayPal, you can forward the message to firstname.lastname@example.org.
If you receive an email message that looks legitimate and indicates a problem with an account you have, don’t click any links in that email message either. Instead, pull up the online account in your web browser the way you normally do – by selecting the site from your list of favorites or typing its address yourself. Sign in, and check for any problems or warning messages related to your account. If everything seems okay, the warning message you received was probably bogus.
In short, don’t let an email fool you into clicking a link that takes you to a bogus site. Any information you enter on that site could be used to hack into your accounts.