Phishing is an online con game, and phishers are nothing more than tech-savvy con artists. In a typical phishing scam, phishers send out emails, which appear to come from a legitimate company, in an attempt to scam users into providing private information that will be used for identity theft.
Phishers use a variety of sophisticated devices to steal information—including pop-up windows, URL masks which simulate real Web addresses, and keystroke loggers that capture account names and passwords.
To protect yourself against phishing, follow these basic guidelines:
- Be wary of emails asking for confidential information—especially of a financial nature. Legitimate organizations will never request sensitive information via email.
- Don’t get pressured into providing sensitive information. Phishers like to use scare tactics, and may threaten to disable an account or delay services until you update certain information. Be sure to contact the merchant directly to confirm the authenticity of their request.
- Watch out for generic-looking requests for information. Fraudulent emails are often not personalized, while authentic emails from your bank often reference an account you have with them.
- Never submit confidential information via forms embedded within email messages.
- Never use links in an email to connect to a website. Instead, open a new browser window and type the URL directly into the address bar.