The term is a variant of fishing, and that’s what the identity thief does, they go phishing with increasingly sophisticated bait. Phishing is an illegal attempt to gain your confidential information while you’re seated at your computer. They are after info like usernames, passwords and credit card details and they do it by pretending (online) to be trustworthy financial institutions or companies asking you to enter critical information. eBay, PayPal and online banks are often targeted.
Often the bogus e-mail will ask for some sort of verification, possibly about an account number or password, because they are carrying out an auditing process and because these e-mails look so official, up to 20% of the unsuspecting recipients will take the bait and become victims of financial loss or identity theft or both. Emails, instant messaging, spam, pop-up messages and malicious Websites are used to direct you to a web-site that looks darn close to your financial institutions web-site and then you are requested to enter your crucial data.
Recently, senior executives and other high profile persons in business have been specifically targeted and the term ‘whaling’ has been coined. Even before phishing was an issue, legitimate businesses and banks would rarely ask you for your personal data by way of e-mail. If you do receive a request, call the business or financial institution and ask questions or log onto the legitimate web-site. Look for grammatical errors and typing mistakes because that should set off your alarm. If the e-mail is referring to a web-site then look very carefully at the URL.
It is not difficult to disguise a link to a site so be conscious of the @ symbol because most browsers will ignore any character that is ahead of the @ symbol, so this web address…http://www.legitimateinstitution.com@IamIdentityThief.com….may appear to be a page of Legitimate Institution’s site. However, it will take the unsuspecting victim to IamIdentityThief.com The more length the URL has, the easier it is to hide the real destination address. Different ways to disguise URLs is by substituting similar looking characters, so that paypal.com could be (and has been) paypa1.com (do you see how the l was substituted for number 1) An identity thief can also substitute the letter O for a 0 (zero).
If you are going to visit a website it is wise to type the address directly into the browser as opposed to following a link. To be safe and secure only provide personal information on websites that have "https" in the web address or have a lock icon at the bottom of the browser.
If you have a good internet security product you will be able to confirm the authenticity of a web site. Identity thief phishers are skilled in the art of acting and persuasion and often use emotional language using scare tactics or urgent requests to trick recipients to respond. Some identity thief phishers will take the time and effort to use copyrighted images from legitimate sites and now the site looks quite legitimate. If the truth be known, requests for confidential information via e-mail or Instant message have a tendency to not be legitimate.
Often, the phisher will not personalize his message and may share similar properties like details in the header and footer. If you haven’t already, you should buy a good internet security product. You should consider a program that will protect your identity when your online banking and shopping, that will detect suspicious web sites, that can verify and authenticate valid web sites, that can intercept phishing mail, blocks keystroke loggers and screen captures and encrypts and protects your passwords.
