What is a Phishing Scam?

By R. Kayne
Updated: May 16, 2024

A phishing scam is an identity theft scam that arrives via email. The email appears to come from a legitimate source such as a trusted business or financial institution, and includes an urgent request for personal information, usually invoking some critical need to update an account immediately. Clicking on a link provided in the email leads to an official-looking website. Personal information provided to this site, however, goes directly to the scam artist.

Fraud is a growing problem on the Internet as people are tricked into providing personal information including credit card numbers, passwords, mother's maiden name, bank account numbers, ATM pass codes and social security numbers. Virus protectors and firewalls do not catch most phishing scams because the emails do not contain suspect code, while spam filters let them pass because they appear to come from legitimate sources.

The links included in phishing scams take the unsuspecting person to a fraudulent website designed to mimic the real thing, often down to the smallest detail including copyright notices, submenu titles and so on. It's virtually impossible for most people to tell they are the target of a phisher by looking at the site alone. Clues in the address can sometimes reveal the deception, however.

Similar-looking characters might be substituted for the real characters in the spelling of the link, so that a "1" (numeral one) is used in place of a lower-case "L." For example, phishers have used paypa1.com rather than paypal.com. Other times an IP address, a numerical address, is used to hide the fact that the link is not taking the victim to the real site. Phishing scams have become so sophisticated, however, that phishers can also appear to be using legitimate links, right down to the real site's security certificate.
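The two address clues described above (a digit standing in for a letter, and a bare IP address as the host) can be checked mechanically. The following is an added example, not part of the original article; the trusted-domain list, the substitution table and the sample email are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: the sites the reader actually does business with.
TRUSTED_DOMAINS = {"paypal.com", "microsoft.com"}
# Constructed table of digits often swapped in for a similar-looking letter.
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample message (192.0.2.10 is a documentation-only address).
SAMPLE_EMAIL = """\
Your account is limited. Confirm your details at
http://www.paypa1.com/confirm or http://192.0.2.10/paypal/login today.
Help is available at https://www.paypal.com/help
"""


def classify_link(url):
    """Return 'ip-address', 'lookalike:<domain>', 'trusted' or 'unknown'."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed bracketed host
        return "unknown"
    try:
        ipaddress.ip_address(host)  # numeric host hides the real site name
        return "ip-address"
    except ValueError:
        pass
    # Naive registered domain: last two labels (ignores suffixes like co.uk).
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    # Undo digit-for-letter swaps and see whether a trusted name appears.
    normalized = domain.translate(LOOKALIKES)
    if normalized in TRUSTED_DOMAINS:
        return "lookalike:" + normalized
    return "unknown"


def scan_email(body):
    """List (url, verdict) for every link flagged as an IP or a lookalike."""
    flagged = []
    for url in URL_RE.findall(body):
        verdict = classify_link(url.rstrip(".,;"))
        if verdict == "ip-address" or verdict.startswith("lookalike:"):
            flagged.append((url.rstrip(".,;"), verdict))
    return flagged
```

A "trusted" or "unknown" verdict is not proof that a link is safe, since, as noted above, some scams use links that appear legitimate.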

The best way someone can protect himself from phishing scams is to avoid supplying personal information in response to an email request. If the request might be legitimate, the company's customer service department should be called to verify the request before providing any information; any phone numbers contained in the email, if any are included, should not be used. Even if the request is legitimate, one should manually enter the required address in the browser rather than clicking on a link, as a phishing scam could conceivably run concurrently with legitimate business.

For example, in early April 2005 a mass emailing that appeared to be from Microsoft Corporation urged recipients to download a much-anticipated security update. Those who clicked on the link in the email were taken to a site that looked like a legitimate Microsoft update site. Instead of updating their software, however, they were actually downloading a Trojan horse, a remote access program that can steal personal information. Microsoft does not use email notification in this way, but many users were caught unaware.

The famous "letter from Nigeria" was another type of phishing scam. This type of scam is so prevalent, it has its own name: 419 scam. The phisher pretends to be a Nigerian official in distress requiring a US bank account to offload money. The person who allowed temporary use of their account would receive a handsome reward. Instead, those who provided their banking information became victims of theft.

In the US, the Federal Trade Commission (FTC) and others have concentrated on public education to fight phishing scams, as catching phishers is difficult. Fraudulent sites operate for very short periods of time and scams are often run from other countries. In March 2005, Microsoft filed 117 phishing lawsuits in the Western District of Washington with unnamed defendants.

The Anti-Phishing Working Group (APWG) is an international organization of volunteers working to track phishing scams. Their website keeps an online database of fraudulent emails submitted to them. You can check this site for new scams, or send them phishing email you receive. The APWG is largely an information hub, but they do provide links to consumer resources. The FTC also has advice for consumers, and an email address for reporting phishing, on their website.

Discussion Comments
By anon173187 — On May 06, 2011

It also happens in Facebook. I can't open my account recently, so it's good that my Yahoo account is there so I changed my password. Then, after that, I received a message in Facebook saying, "You recently changed your Facebook password. As a security precaution, this notification has been sent to all email addresses associated with your account."

If you did not change your password, your account may have been the victim of a phishing scam.

By anon173115 — On May 06, 2011

This morning I was surprised because I can't open my email anymore. I remember I am receiving mails from my spam every day with suspicious contents. Now every day I am deleting it, but now I can't open my email using my password knowing that I didn't change it. Please, can somebody explain what happened? I have my files attached on my emails regarding my personal information but no card numbers, passwords or any financial means. Thanks!

By johnhout — On May 14, 2010

I started getting this every day. At first I did not understand what they were. When I found out I started reporting them to phishing scams.

I suggest you do this. It helps people to identify the scams and helps prevent people from being scammed.

By lokilove — On Mar 06, 2010

I used to get a lot of the 419 scams, but thankfully I haven't had one in a while now.

The most recent phishing email I've received was a year ago. I came so close to clicking the links because it supposedly had come from my bank. The email had the exact logo and the wording seemed very professional. I was suspicious enough to call and speak to customer service, and they said not to click anything and to forward the email to them.

Since I guess you can't even trust the security certificate anymore, just always call the bank first!

It's better to feel a bit foolish than to be flat broke.
