These days, the stealing of personal information online (often referred to as “identity theft”) is rampant, and criminals are constantly at work cooking-up new ways to fish for information they can profit from.
A phishing scam refers to an effort by criminals to fool you into revealing personal information, such as bank account numbers, credit card details, and personal data, such as your social security number.
One of the most successful tools used by criminals is known as a phishing email. A phishing email is designed to look like an official email coming from a source that you trust (such as your bank or major credit card) telling you that it’s imperative you take immediate action to update your account, provide authorization, or some such action that sounds like you’d better do it right away. The “official” looking email often contains the logo of the bank or credit card it’s supposedly coming from; the colors are the same, the look-and-feel is the same as the real sender might use. But there are tell-tale signs that these emails are fake, and you need to know what they are.
Here’s an example of a phishing email that appears to come from Bank of America:
You might be fooled into thinking it’s real — here are the tell-tale signs that it’s not:
Read the text of the email carefully. Bank of America is a big company, and they can afford to hire writers and proofreaders. Phrases such as, “…we observed multiple login attempts error while login in to your online account…”, “We have believed that someone other than you…”, and “…we have temporarily suspend your account…” are dead giveaways that this forgery was written by someone who does not master the English language.
Hover your mouse over the links. Never — NEVER — click on a link in a suspect email, but you can hover your mouse over the link and look at the website address that appears (usually in a text bubble or at the bottom of your screen) to see where the link really points. The website address may contain the words “bankofamerica”, but pay close attention to the entire address — it’s the first “.com” or “.org” in the address that matters; anything after that is irrelevant.
Finally, if you are ever in doubt, type your bank’s website address into your browser yourself in order to arrive at their genuine website.