How To Recognize A Phishing Email Message

by: Colleen Durkin

Phishing is the practice of sending fraudulent email messages supposedly from a legitimate company or organization in order to trick someone into giving out personal and confidential information. This information could include a user ID, password, credit card number or even a Social Security number. At its most basic level, Phishing is a form of identity theft. It is one of the fastest growing cyber crimes, and there are estimates that 1 in 20 people who receive a Phishing email will respond to it with their personal information. Since the criminals who send out these Phishing messages are good at what they do, it’s important to be able to recognize a Phishing email so you won’t respond to their request and become a victim of identity theft. Here are a few signs that the message you have received might just be a Phishing expedition.

• The email message is generic. Phishing emails are sent out in bulk to thousands of people, so you’ll see a generic greeting like ‘Dear Valued Customer’ and not directly addressed to you by name.

• The message gives a false sense of urgency. Phishing emails are developed and designed specifically to push the recipient to immediate action. If there is no compelling reason to respond to the message, you won’t. But if there is a fear of some kind of consequence for not providing the requested information you might just be motivated to act quickly.

This fear, urgency or even panic created by a Phishing email begins right with the subject line. Here are a few examples from actual Phishing messages:

‘Online Alert: Online Account is Blocked’

’Fraud Report’

’Credit Card Declined Notice’

’Unauthorized Account Access’

The text of the message builds upon the initial sense of urgency. A message may state that your account will be closed within 24 hours if you don t verify your information. Sometimes the messages state that there has been suspicious activity on your bank account, or your credit card has been charged by an undesirable web site.

The criminals who send out Phishing emails have taken their scam to a new level. Now people are getting Phishing messages that offer a reward for responding to the message. The newest Phishing scam is a message that states you ve won a gift card somewhere (JC Penney, Circuit City and The Sports Authority have been recent ones), and you need to click the link in the email to provide the information where the gift can be sent. Other Phishing emails offer free enrollment in a fraud protection program by clicking the link and providing the requested information.

• The message states specifically “this is not a scam”. How does that saying go if it looks like a duck and quacks like a duck, it probably is a duck. Legitimate messages don’t need to state the obvious.

• A request is made to verify your information, and a link provided for you to do so. Phishing emails will use some tactic in order to trick the recipient into providing confidential information. This request is often tied in with the false sense of urgency created in the message. The link will take you to a very authentic looking site and ask you to fill in certain personal information. If you recognize you’ve made a mistake and you try to go back to a Phishing web site you probably won’t find it. The average lifespan of a Phishing web site in December 2004 was 6 days.

The link that is included in the email message for you to click and provide information might look legitimate, but it isn’t. Often the criminals will create a web site that has almost the same name as the original web site. They might add the word “verify” or use some other word along with the company name. You should never click a hyperlink in an email, especially if you don’t know who sent it to you.

Knowledge can be power when it comes to protecting yourself from identity theft and Phishing scams. Be aware of the tricks a criminal might do to steal your information, and don’t fall prey to them.

About The Author

Colleen Durkin writes about spyware protection. Learn more at http://spyware-removal.thrcomputer.com.