Pronounced like fishing, phishing is a term used to describe a
malicious individual or group of individuals scamming users by
sending e-mails or creating web pages that are designed to collect
an individual's bank or credit information. Below is an example of
what a phishing e-mail may look like.
eBay request: Your Account Has Been Suspended!
Dear eBay customer,
Your Account has been Suspended. We will
ask for your password only once.We
will charge your account once per year. However you will
receive a confirmation request in about 24 hours after the
make complete unsuspend
process.You have 24 hours from
the time you'll receive the e-mail to complete this eBay
Request.
Note:
Ignoring this message will cause eBay TKO delete your
account forever.
To make unsuspend process
please use this link:
http://fakeaddress.com/ebay
eBay will request personal data(password;and so on) in
this email.
Thank you for using eBay!
http://www.ebay.com/
--------------------------------------------------------------------------------
This eBay notice was sent to you based on your eBay
account preferences.If you would like to review your your
notification preferences for other types of communications,
click here.If you would like to receive this email in text
only,click here.
To a user who frequently uses eBay or any online service, these
e-mails may appear as if they have come from the company described
in the e-mail. However, phishing e-mails are designed to deceive
the user and trick them into visiting the links in the e-mail that
are designed to steal personal information such as usernames,
passwords, credit card information, etc. Below are some helpful
tips on identifying these types of e-mails and how to handle them.
How to identify a phishing e-mail.
- Company - These types of e-mails are sent out to
thousands of different e-mail addresses and often the person
sending these e-mails has no idea who you are. If you have no
affiliation with the company the e-mail is supposedly
coming from, it's fake. For example, the e-mail claims to come from
Wells Fargo bank but you bank at a different bank.
- Spelling and grammar - Improper spelling and grammar
are almost always a dead giveaway. Look for obvious errors.
- No mention of account information - If the company
really was sending you information regarding errors to your
account, they would mention your account or username in the
e-mail. In the above example the e-mail just says "eBay
customer". If this really was eBay, they would mention your
username.
- Deadlines - The e-mail requests an immediate response or sets a
specific deadline. For example, the eBay e-mail above includes the
requirement to log in and change your account information within
24 hours.
- Links - Although many phishing e-mails are getting
better at hiding the true URL you are visiting, often these
e-mails will list a URL that is not related to the company's URL.
For example, in our above eBay example,
http://fakeaddress.com/ebay is not an eBay URL, just a URL with an
ebay section. If you're unfamiliar with how a URL is structured,
see our URL dictionary definition for additional information.
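The link, greeting and deadline checks from the list above, applied to a condensed copy of the sample e-mail, as an added example that is not part of the original page. The official domain is an input the reader supplies, and the function names and regular expressions are illustrative assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the reader supplies the company's real domain.
OFFICIAL = "ebay.com"

# Constructed sample, condensed from the eBay e-mail shown on this page.
SAMPLE = """Dear eBay customer,
Your Account has been Suspended. You have 24 hours from
the time you'll receive the e-mail to complete this eBay Request.
To make unsuspend process please use this link:
http://fakeaddress.com/ebay
Thank you for using eBay!
http://www.ebay.com/
"""

def host_is_official(url, official=OFFICIAL):
    """True only if the URL's host is the official domain or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Exact match or a dot-separated suffix; a plain substring test would
    # accept look-alikes that merely contain the company name.
    return host == official or host.endswith("." + official)

def check_links(text, official=OFFICIAL):
    """Return (url, reason) for every link whose host is not the official domain."""
    brand = official.split(".")[0]
    findings = []
    for url in re.findall(r"https?://[^\s<>\"']+", text):
        if host_is_official(url, official):
            continue
        parts = urlsplit(url)
        rest = (parts.netloc + parts.path).lower()
        reason = ("brand name used outside the real domain"
                  if brand in rest else "unrelated host")
        findings.append((url, reason))
    return findings

def check_wording(text):
    """Flag the generic greeting and the deadline pressure described above."""
    flags = []
    if re.search(r"^dear\s+\w+\s+(customer|user|member)\b", text, re.I | re.M):
        flags.append("generic greeting, no username")
    if re.search(r"\b\d+\s*(hours?|days?)\b", text, re.I):
        flags.append("deadline")
    return flags

if __name__ == "__main__":
    for finding in check_links(SAMPLE) + check_wording(SAMPLE):
        print(finding)
```

These checks only raise flags for a person to review; an e-mail that passes all of them is not thereby shown to be genuine.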
What to do if you're not sure if an e-mail is official.
- Never follow any links in an e-mail you're uncertain
about. Instead of following the link in the e-mail, visit the
page by manually typing the address of the company. For
example, instead of visiting the fake eBay URL above, you would
type http://www.ebay.com in your web browser and log in through
the official web site.
- Never send any personal information through e-mail.
If a company is requesting you send them personal information
about your account or is saying your account is invalid, visit
the web page and log into the account as you normally would.
- Finally, if you are still not sure about the status of your
account or are concerned about your personal information,
contact the company directly, either through an e-mail address
provided on their web site or over the phone.
Issues phishing e-mails commonly address
Below are some of the issues a phishing e-mail may inquire
about in order to trick users.
- Account issues, such as account or password
expiring, account being hacked, account out-of-date, or
account information needing to be changed.
- Credit card or other personal information, such
as credit card expiring or being stolen, incorrect social
security number or other personal information, or duplicate
credit card or other personal information.
- Confirming orders, such as a request that you log
in to confirm recent orders or transactions.
Common companies affected by phishing
Below is a listing of some of the companies phishers
often send e-mails about.
- Any major bank
- Popular web sites such as: Amazon, MySpace, PayPal, eBay,
Microsoft, Apple, Hotmail, YouTube, etc.
- Government: FBI, CIA, IRS, etc.
- Internet service providers such as: AOL, MSN, etc.
- Casinos and lottery.
- Online dating or community web sites.
- See document CH000464 for additional information about
protecting your computer from unauthorized access.
Also see: 419, Chain mail, Con, E-mail, Identity theft, Pharming,
Security definitions, Spam, Spear phishing