What is Phishing and Why Should You Care?

Phishing has been around since the early days of the Internet. It’s an old scam that hackers keep coming back to because it works so well. It is essentially a social engineering attack, where a cybercriminal emails you pretending to be someone they’re not. 

They might pose as your bank or online payment service provider and ask you to provide them with your username and password, or some other sensitive information. If you give away that information, the hacker can log into your account, steal your money and wreak havoc on your life in many ways. 

That’s why it’s important for everyone to understand what phishing is and how to avoid falling for these common hacker tricks.

What is phishing?

Phishing is the attempt to acquire sensitive information from users by masquerading as a trustworthy source. The most common type of phishing scam targets people looking to make online purchases by tricking them into handing over their credit card or bank account information. 

Phishing emails often appear to come from retailers like Amazon or Walmart or seem to be notifications from banks about unclaimed funds. The emails try to direct recipients to visit a website that looks legitimate but is actually created by scammers who are trying to steal their information. 

Each year, millions of people fall victim to phishing scams. An individual may receive dozens of phishing emails in a single day. In some cases, people who receive these emails report them to law enforcement. However, in most cases they are unsure what to do and simply ignore the emails.

How to spot a phishing email

If you want to determine whether an email is legitimate, you’ll need to closely examine it. Phishing emails often contain spelling mistakes, incorrect logos and incorrect URLs. However, hackers are well aware of this fact, and many now create emails that are near-perfect replicas of legitimate emails. 

You should also be aware of what information is in an email. If you receive an email from your bank, the name of the bank is likely to be at the top of the email. If the name isn’t in the email’s subject line or the first few paragraphs of the message, you should question whether the email is legitimate. 

If a phishing email contains a URL that doesn’t match the name of the company it claims to be from, it’s a sign that the email is fraudulent. For example, a phishing email from “Google Security” that urges you to click a link to “update your account” is likely a scam.

How phishing works and why it’s effective

Phishing emails are typically sent to thousands of users at once. Hackers often buy lists of email addresses from other scammers, or they use common software that crawls the web and collects email addresses. Some phishing emails are sent to millions of users. 

Because phishing emails are sent to so many people, the hackers hope that only a small percentage of the recipients will notice that the emails are fraudulent. Those few people who do notice the scam may be unsure what to do. 

Some may try to report the scam to the company whose name is used in the email, but real companies don’t have a way to report false emails or collect information about phishing scams. The success of phishing scams comes largely from the false sense of urgency created by the emails. 

Many phishing emails have a subject line that appears to be from a law enforcement agency or a financial institution. The emails often urge recipients to act quickly, sometimes warning them that their account will be frozen or their property seized if they don’t.
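The two signs described above, a link that does not match the company the email claims to be from and an urgent call to action, can be checked automatically. The following Python sketch is an added example, not part of the original article; the brand-to-domain map, the phrase list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: constructed brand-to-domain map and a short, non-exhaustive phrase list.
BRANDS = {"example bank": "examplebank.example"}
URGENCY = re.compile(r"act (now|quickly)|immediately|will be (frozen|seized)", re.I)

def base_domain(host):
    # Naive registrable domain (last two labels); production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def check_email(raw):
    """Return findings for one raw message with a single-part HTML body."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    claimed = (display + " " + msg.get("Subject", "")).lower()
    # Which known company does the display name or subject claim to be?
    expected = next((d for name, d in BRANDS.items() if name in claimed), None)
    findings = []
    if expected:
        links = LinkCollector()
        links.feed(body)
        # Check the sender address and every link target against the real domain.
        hosts = [addr.rpartition("@")[2]] + [urlsplit(h).hostname or "" for h in links.hrefs]
        findings += [f"{h} is not under {expected}" for h in hosts if base_domain(h) != expected]
    if URGENCY.search(claimed + " " + body):
        findings.append("urgent call to action")
    return findings

# Constructed sample message (not a real phish): the brand name is only a subdomain label.
SAMPLE = """From: Example Bank <alerts@examplebank.example>
Subject: Your account will be frozen
Content-Type: text/html

<p>Act quickly: <a href="http://examplebank.example.login-verify.test/update">verify</a></p>
"""
```

Calling `check_email(SAMPLE)` flags the link even though the bank's name appears in the hostname, because the comparison is made on the registrable domain rather than on a substring match.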

Some players at online casinos have reported that they have received phishing emails disguised as the casino alerting them to some fictitious problem. To avoid this, you should consider registering at a casino without ID.

Tips to avoid falling victim to a phishing scam

If you receive a phishing email, do not click any links in the message. Instead, you should report the email to the company that it claims to be from and then delete the message. Some experts recommend that you forward the phishing email to the company’s real address, or report it to the company through a web form. 

The reasoning behind this is that it tells the company that there is a problem with their email system. However, this strategy may not always work. A few companies have different departments that deal with phishing emails. 

Sending the message to the wrong person may not get it into the right hands, causing the email to be deleted before anyone can take action. For the best results, you should forward the email to the company’s email address, not their general website address. This gives the message a higher chance of being received by the right person.