What is a Phishing Scam?

Phishing refers to an attempt by a hacker to obtain confidential information about a user through fraudulent means, specifically by making a message appear to be a legitimate communication from a credible source. In a typical phishing scheme, a spam email will direct a reader to an external website, often with a masked URL. The site will typically be made to resemble a real site and will ask the user to “update” personal information such as credit card numbers, passwords, social security numbers, bank account numbers, etc. The email sent to the user will often claim that their account will be deleted unless certain information is verified via the link in the email. When the user inputs his or her information, it falls into the hands of the cybercriminal. Cybercriminals who use phishing scams can send out mass emails that appear to come from very popular sites to large groups of unrelated email addresses, knowing that at least some of the recipients will have accounts with that site. Hence, they are “fishing” for users of that site using the email and phony link as “bait.” Phishing can also be performed through instant messaging.

To avoid being a victim of phishing, be wary of emails that ask you to verify your account information, that say you’ve won something, or that give you a time limit like 24 or 48 hours to perform a function on the site. If it’s too good to be true, it probably is!
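As an added example (not part of the original article), the sketch below checks an HTML email body for the warning signs described above: a link whose visible text names one host while its href points to another, plus the account-verification, prize and deadline wording. The regexes, function names and sample message are assumptions of this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Cues taken from the text above; the exact regexes are this example's assumption.
CUES = {
    "verify_account": re.compile(r"\b(verify|update|confirm)\b.{0,40}\b(account|information|password)\b", re.I | re.S),
    "prize": re.compile(r"\byou(?:'|’)?ve won\b|\byou have won\b", re.I),
    "deadline": re.compile(r"\b(?:within|in)\s+\d{1,3}\s*(?:hours?|hrs?)\b", re.I),
}
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class _Links(HTMLParser):
    """Collects (href, visible text) pairs and the plain text of the message."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def _host(value):
    host = (urlparse(value if "://" in value else "//" + value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def phishing_indicators(html_body):
    """Return a sorted list of indicator names found in an HTML email body."""
    p = _Links()
    p.feed(html_body)
    found = {name for name, rx in CUES.items() if rx.search(" ".join(p.text))}
    for href, shown in p.links:
        m = DOMAIN_IN_TEXT.search(shown)
        # Masked URL: the link text displays one host, the href goes to another.
        if m and _host(href) and _host(m.group(1)) != _host(href):
            found.add("masked_url")
    return sorted(found)

# Constructed sample message; example.com / example.net are reserved domains.
SAMPLE = ('<p>Your account will be deleted unless you verify your account '
          'information within 24 hours.</p>'
          '<a href="http://login.example.net/update">www.example.com/account</a>')
```

Calling `phishing_indicators(SAMPLE)` flags the deadline, the masked link and the verification request; a message with none of these cues returns an empty list, which does not by itself mean the message is safe.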
