How To Protect Yourself from Phishing Scams

Almost every week I receive at least one e-mail that is actually some sort of phishing scam. The definition of phishing is: The attempt to obtain sensitive information such as user names, passwords, and other personal details for malicious reasons, usually by disguising as a trustworthy entity in an electronic communication. In most cases they are done by e-mail.

To give you some idea as to how many people may come close to falling for them, it has been estimated that approximately 30 percent of phishing e-mails get opened. Also, phishing does not only occur to individuals. Some 85 percent of organizations have suffered phishing attacks. Phishing attacks are not only attempts to access your vital information but they sometimes are used to pass on viruses and malware. In fact, the number one delivery method for malware are e-mail attachments.

One common phishing scam is when someone sends you an e-mail that tells you that you need to confirm your information in order to avoid account deletion. The scammer will often send you an e-mail with something like that as the e-mail subject line. When you open the e-mail, there may be something that looks like an official e-mail from a company you may have an account with.

I recently got an e-mail where they were pretending to be from USAA. The e-mail looked legitimate and all of the graphics and everything made it all look so official with their logo and so forth. There was a link provided at the bottom of the e-mail for me to supposedly go to the USAA website. The link, however does not take you to the USAA website, it takes you somewhere else. It looked just like the USAA website but if you look at the URL field in your browser, it listed a different domain. This is how you know that it is a scam.

The URL field is the area in your browser that lists the web address of the location you are at on the Internet. You see, since it didn't say USAA.com in the URL field, I knew that it was a fake.

So what the scammer was trying to do was to get me to log into the website using the user ID and password I would normally use to log into the legitimate site. Once I enter the information, they will have it and be able to log into my account. They would then be able to access my information and do various dastardly deeds that could potentially do a lot of damage to me personally and financially.

Most phishing scams start out with an e-mail similar to the one I had received. They usually will tell you that your account is set for deletion if you don't confirm your information. The information they want you to confirm usually starts with your user ID and password. Once they have that information, you will have problems.

One sign that it is a fake is the location where whatever links they provide will take you. So you should always check the URL field in your browser to confirm as to whether or not you are on the correct website. Another way of determining the legitimacy of the e-mail is the e-mail address that the e-mail was sent from. They generally don't match the domain name of the legitimate website they are trying to replicate.

Often the e-mail address will not be one that makes much sense. Often it will be a combination of random letters and numbers. For example, it could be w875d@DomainName.com. The domain name in the e-mail address will not match the site they claim the link will send you to. So, for the sake of argument, why would a credit card company like Chase send an e-mail from a domain name like 543wxt.com or something strange like that?

Sometimes they will try to be a little more clever and do something like chasebank.creditaccountinquiry.net to throw you off. Since credit account inquiry is part of the domain name, you might be more inclined to be fooled. They use chasebank as the subdomain to further confuse you.

These scammers go through a lot of effort and use elaborate means in order to fool people into providing important account information. It's because, upon extracting that vital information, they have the potential to rob you of a lot of your hard-earned money.

Also, the phishing scams that pass on malware and viruses generally involve the use of an attachment. If you get an e-mail from someone you don't recognize and it has an attachment, don't open it. Doing so will be the equivalent of opening up Pandora's Box.

The recent scams I encountered were similar to the ones mentioned above and when I looked at the e-mail addresses from which the e-mails were sent, the domain name extensions were .edu. I won't say the rest of the domain information because I don't want to bring too much attention to the organizations due to the fact that they were obviously done without the consent of the administrators. But they were domains belonging to universities. So I sent the universities e-mails informing them that someone was trying to do a phishing scam from an e-mail address with their domain name in it.

Other places from which the scamming e-mails are sent are often foreign countries. I know someone who recently got a phishing scam e-mail from a domain with a .pk domain name extension. I looked it up and it was from Pakistan. So many phishing scams come from outside of the United States.

I recommend not only to be careful as to taking the steps I listed above to avoid being scammed but also, whenever possible, inform the various organizations involved so that something can be done to avoid those same scams from affecting other people. After all, someone else might not be as careful as you and they may pay some serious and potentially costly consequences as a result.

So if you take a few extra precautions when receiving any e-mail that asks you to confirm sensitive account information, you should be able to avoid a lot of scams others may have the great misfortune to all victim to. Also, don't click on those attachments within e-mails coming from people you don't know. Consider yourself advised.