What is phishing?

How to phishing scams work?

“Phishing” is computer slang for stealing passwords and other private account information. Scammers go “fishing” for victims and try to trick them into giving away access to private bank accounts, credit cards, or email accounts. We have posted many examples of phishing scams here at scamhunter.org in order to help people avoid getting caught in the fraudsters’ traps.

Phishing is just another type of confidence game. Most phishing scammers today work by sending out thousands of email messages that look like they are coming from a bank, or a credit card agency, or an online service like PayPal or Amazon. The message will usually tell you either (a) you’ve done something wrong that you need to correct; or (b) the bank or company has done something wrong and they need your help to fix their own error.

A careful scammer will put together a message that looks very official, in order to gain your confidence. Most people do some of their shopping online, and so it’s common for many of us to occasionally receive genuine messages from Amazon.com (for example). The phishing scammer will make an exact copy of a genuine Amazon.com email, and then — this is the key trick — insert a phony link that will take you not to Amazon.com but to the scammer’s private website. There you’ll be asked to enter your username and password, just as you always do when shopping at Amazon, and bingo: the scammer has your private log-in information. He can then go to the real Amazon site, buy hundreds of dollars worth of merchandise in your name, and ship it anywhere he wants. By the time you’ve discovered what’s going on, the scammer has vanished and his fake website has been deleted.

Phishing scams involving banks or online services like PayPal work the same way. You get a message that looks like it’s coming from your bank telling you that (for example) there has been a security breach in their computer system and you need to re-confirm your online banking details. “Just click this link and enter your information….” Don’t do it!

If you get a message that you think may be suspicious, look at the details of the included link. In many web browsers if you hover your mouse pointer over the link it will show you the URL the link is pointing to. If the message claims to be from PayPal, but the URL of the link is something like “paypal-form.randomsite.com” you can be sure it’s a scam message.

The online world is great, but life online has the same kinds of dangers that life in the offline world has. We all have to be careful and vigilant, and aware of our surroundings, in order to remain safe.

—The Scam Hunter