Phishing is when someone sends fraudulent emails in an attempt to access your personal information — or to manipulate you into giving them your personal information directly. And these phishing emails typically look very credible. Here are a few examples of phishing emails:
- Asking you to reply with confidential information: In this situation, the email is designed to look like it was sent from a trusted source — say your email provider, Amazon.com, or even your bank. The email may ask you to reply directly with your personal information — such as your account information or your Social Security number — for “verification purposes." Once you do, the scammer then has your confidential information. These emails often look legitimate, but always remember that a trusted source will never ask you to reply to an email with any type of personal or confidential account information.
- Asking you to click on a link: Many phishing attempts also use links to fake websites, and here's how they do that. You'll receive an email that appears to be from a trusted source, and the email message asks you to click a link within the email to log in to your account. The email may express urgency about this, claiming they need you to verify your account information because someone tried to access your account, or because the company is doing routine maintenance. Once you click that link, though, you're sent to a fake website that looks nearly identical to a website you trust. You enter your information, thinking you're logging in to your legitimate account, and then your info is sent straight to the scammer — with you none the wiser.
- Asking you to open a file: Recently, phishing email scams have evolved to include mimicking popular cloud-based storage sites like Dropbox and Google Docs. For example, you could receive an email that appeared to be from a trusted source, such as the company you work for or a reputable financial institution, asking you to open a Google Docs file. Doing so, however, would give scammers access to you email account and contacts list.
Why phishing works
Phishing's effectiveness relies on what anti-virus software company AVG defines as “human fallibility" rather than on the weakness of a particular hardware or software configuration.2
With phishing, scammers try to appeal to your emotional side by spoofing the name of a person or company you know so that you feel a sense of trust. Or they'll try to bring out your inner curiosity by dangling a link to a Google Doc or Dropbox file, leaving you wondering what it contains.
Another common tool for these scammers is urgency. The email you receive might say that your account has already been compromised and you need to act quickly, or that a co-worker needs something immediately before you both get fired. Whatever the context, the goal is to get you to act without thinking.
If you suspect a phishing attempt is sitting in your email inbox, here's what to do.