How to Spot Phishing
The text from the following e-mail sounds legitimate enough, but in reality, you may be the victim of a phishing attack. Identity thieves, masquerading as Citibank, PayPal, or other financial or Internet companies, try to dupe you into clicking phony links to verify personal or account information. You’re asked for home addresses, passwords, social security numbers, credit cards numbers, banking account information, and so on.
Bottom line: Never click links embedded in suspicious e-mails. When you hover the cursor over a link such as www.paypal.com, it actually leads elsewhere.
To lend authenticity to these appeals, the spoof e-mails often are dressed up with real company logos and addresses, plus a forged company name in the From line (for example, From: email@example.com). Phishing may take the form of falsified company newsletters. Or there may be bogus requests for you to reconfirm personal data.
So how do you know when the e-mail request you’re reading is really a phishing attack?
Obvious giveaways in some fake e-mails are misspellings, rotten grammar, and repeated words or sentences.
No company on the level is going to ask you to reconfirm data that’s been lost.
Reputable companies usually refer to you by your real first and last names and business affiliations rather than Dear Member or Dear PayPal Customer.
If you have doubts that a communication is legit, open a new browser window and type the real company name yourself (for example, www.ebay.com or www.paypal.com.) Your gut instincts concerning phony mail are probably on the mark.
Here’s an actual excerpt lifted from a phishing attack:
Dear Citibank Member,
As part of our security measures, we regularly screen activity in the Citibank system. We recently contacted you after noticing an issue on your account. We requested information from you for the following reasons:
We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive Citibank account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.
This is a third and final reminder to log in to Citibank as soon as possible.
Once you log in, you will be provided with steps to restore your account access. We appreciate your understanding as we work to ensure account safety.
Citibank Account Review Department