What Is Phishing?

Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. It’s attempting to gather information such as Social Security Numbers, usernames, passwords, credit card details, and sometimes money.

The FTC states that “scammers use email or text messages to trick you into giving them your personal information.”

Phishing Explained

Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information such as account usernames and passwords that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.

How to Protect Yourself From Phishing Scams

1. Verify the email address

Don’t click on links or download information from unknown addresses. Scammers are also pretty good at masking email addresses. Look at the email address to verify that it came from a legitimate source. Look for misspellings or foreign extensions.

For example, This example shows a missing “a” and an Australian domain extension.

2. Don’t click on links within the email or pop-up screens

Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t know the sender or user’s handle.

The best practice is to open a separate browser and type in the URL yourself. Unsure of the URL? Call your credit union or bank or use Google search to confirm. Avoid entering any information on pop-up screens.

Make it a habit to always check for the proper spelling of URLs.

3. Be mindful of social media requests

Never give out personal information through any social network. Social networks are a great medium for collaboration, but they can also be misused by scammers.

Companies that have your sensitive personal information will never ask you to verify your account through such a public setting.

4. Communicate verbally or through a secured chat

When giving out information, make sure you’ve initiated the contact. Give your personal information over the telephone or through secured online chats.

When in doubt, you should initiate any verification of information. This means you’re asking for something done and have contacted the company directly. Any person who calls or reaches out to you in any form should not be given any personal information.

5. Avoid filling out unknown forms

Avoid filling out forms in email messages that ask for personal financial information. Always ensure you use a secure website when submitting credit card or other sensitive information via your Web browser.

Additional Tips

  • Regularly check your financial institution, credit, and debit card statements to ensure that all transactions are legitimate.
  • Ensure that your browser is up to date and that security patches are applied.
  • Always report “phishing” or “spoofed” e-mails to the appropriate companies.