How To Spot A Phishing Scam

2009 April 8
by Kyle
from → Personal Finance

Phishing is the scam du jour on the internet these days, and it cost the U.S. $3.2 billion in 2007 according to Tom’s Hardware.  That’s a massive amount of money and the sad thing is, phishing scams are among the easiest to detect and are 100% preventable.  Even users completely lacking in any sort of computer savvy whatsoever can easily learn to sniff out a phishing scam when they see one.

What Is Phishing?

Phishing can take many forms, but the purpose is always the same:  to trick unsuspecting internet citizens into revealing their sensitive financial information such as credit card number, social security number, and bank account information.  The scammers then take that information and use it for their own financial gain, often buying expensive items on credit, stealing their victims’ identities, and even transferring money directly out of their victims’ brokerage accounts.

Characteristics Of A Phishing Scam

Phishing scams are easily identifiable if you know what to look for.  We’ll start with the most obvious.

  • The “official” email is sent from a free email account – Yesterday, I received a phishing email from what claimed to be a customer service representative at Bank of America.  The giveaway?  It was sent from a Yahoo email address.  Any email originating from Bank of America is going to come from an email address @bankofamerica.com, not @yahoo.com.  This is the surest and most easily-identifiable sign of a phishing scam.  Delete these emails immediately.
  • The link redirects to an unrelated domain – That same email purporting to be from Bank of America actually contained a link to the following URL:  http://210-213-59-64.static.asianet.co.th/webapps/. Obviously, Bank of America’s website is not hosted at the “asianet.co.th” domain in Thailand.  The real website is, wait for it, http://bankofamerica.com.  This is a dead giveaway.  ALWAYS make sure the website you are directed to is actually hosted under the exact same domain as the company’s actual website.  I must emphasize here that the domain must be exactly the same.  A smart scammer would have chosen a similar-but-slightly-different domain such as http://bancofamerica.com or even http://bankofamerica.net (were it available) to try to fool you.  The .com and .net domains are not interchangeable and aren’t guaranteed to point to the same website.
  • The entire email is an image – Often, scammers will send their email as an image with a white background that appears to be plain text in order to avoid increasingly-intelligent spam detectors.  An email with an image of text instead of text itself is almost always a scam and should be deleted immediately.
  • Misspellings and awkward grammar – Most scammers are not native English speakers, and it shows.  If Bank of America were really to send out a mass email to all its customers, don’t you think they would at least spell-check it first?  Of course they would.  The email I received yesterday misspelled no fewer than three words, including such common and simple words as “matter,” “patience,” and “password.”  As a general rule of thumb, never give your password to somebody who can’t spell “password.”
  • Any email asking for personal information – A reputable company will never ask for personal account information via email.  Let me say that again:  a reputable company will never ask for personal account information via email.  One more time:  a reputable company will never ask for personal account information via email.  There are no exceptions to this rule.  Any email asking for a password, credit card number, account number, social security number, username, or any other conceivable form of sensitive personal information is, by definition, a phishing scam.  If you receive one of these emails, you can be 100% certain it is a scam.  Do not click on anything and delete it immediately.  If you have questions regarding information in the email that might alarm you, google the company’s actual website and call their customer service number.  They will probably ask you to forward the fraudulent email to their IT department for investigation.  Under no circumstances should you give out any personal information via email.  Ever.
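
For readers who filter mail with a script, the first two checks in the list above (sender domain and link domain) can be automated. The following is an added example, not part of the original article; the function names and the sample From header are constructed for illustration, while the link URL is the one quoted above.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "bankofamerica.com"  # the domain the message claims to come from

def host_matches(host, expected=EXPECTED_DOMAIN):
    """True only for the expected domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    # Compare against "." + expected: a plain suffix test would also accept
    # unrelated domains that merely end in the same letters.
    return host == expected or host.endswith("." + expected)

def sender_domain(from_header):
    """Domain part of the address in a From: header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()

def link_host(url):
    """Host name a link actually points to."""
    return urlsplit(url).hostname or ""

def check_message(from_header, links, expected=EXPECTED_DOMAIN):
    """Return a list of mismatches; an empty list means both checks passed."""
    findings = []
    dom = sender_domain(from_header)
    if not host_matches(dom, expected):
        findings.append(f"sender domain {dom!r} is not {expected}")
    for url in links:
        host = link_host(url)
        if not host_matches(host, expected):
            findings.append(f"link host {host!r} is not {expected}")
    return findings

# Constructed sample header; the first link is the URL quoted in the article.
SAMPLE_FROM = '"Bank of America Customer Service" <service@yahoo.com>'
SAMPLE_LINKS = [
    "http://210-213-59-64.static.asianet.co.th/webapps/",
    "http://bankofamerica.com",
]

if __name__ == "__main__":
    for finding in check_message(SAMPLE_FROM, SAMPLE_LINKS):
        print("SUSPICIOUS:", finding)
```

A From domain that matches proves nothing on its own, because the sender sets that header; the script only catches the mismatches described in the list.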
