How to Recognize a Phishing Scam

By Dan Gookin

The phishing scam is so deceptively simple that you would think for a moment it could never work. Often, it starts with a phony email message. The message looks like it’s from your bank, the government, an online retailer, or some outfit you would do business with. It may have graphics that look official. It may even have a disclaimer or security alert in the message.

The message requests information and implies a sense of urgency: Something bad will happen if you don’t reply to the email or visit a website. Part of your duty is to supply sensitive information: account numbers, Social Security information, credit card numbers, personal identification numbers, mother’s maiden name, or passwords, for example.

The phishing scam works because of social engineering. It’s much easier to believe that something bad will happen if you don’t do anything than it is to simply ignore what is basically a cleverly disguised scam.

First, a word of reassuring advice: Nothing legitimate ever gets passed through email. Your bank may email you, but if there’s a problem with your account, someone will definitely phone or send you a regular letter — not an email message.

Second, tools available in both the web browser and email program can help you quickly identify a phishing scam. Check out the Internet Explorer Phishing Filter and the junk mail options in Windows email applications to screen phishing attempts.

One of the many Phishing Filter tools will test a website that you suspect of being a phishing site.

To test a website for a potential phishing scam in Internet Explorer 8, choose Safety→SmartScreen Filter→Check This Website. In older versions of Internet Explorer, choose Tools→Phishing Filter→Check This Website. You see an information dialog box asking you to confirm that the website address shown is the one you suspect. Click OK to dismiss the dialog box.

If the website looks bad and hasn’t been reported yet, you can report it yourself: In Internet Explorer 8, choose Safety→SmartScreen Filter→Report Unsafe Website. In older versions of Internet Explorer, choose Tools→Phishing Filter→Report This Website. Information about the site is sent to Microsoft.

If the website is confirmed as a phishing site, the site address is added to several lists, and web browsers using phishing filters are blocked from accessing the site.