What is phishing?

Phishers begin by sending an e-mail (or instant message) to you, asking you a question about some type of legitimate business (such as their bank or an online company like e-bay).  From there, they try to send you to a fraudulent website which looks authentic (as if it’s actually related to the business in question) and request you to enter your personal information (including social security numbers, bank accounts, or credit card numbers).  Then they take that information and use it to steal from you.  Some of the phishing sites appear incredibly authentic, and it can be very challenging to know who to trust.

Some of the most popular things phishers ask include needing your password to verify information (on Paypal or e-bay) or needing credit card numbers or bank accounts to confirm billing information.  Nowadays, many companies will post broad statements such as, “No one at this business will ever ask for your personal information to verify accounts” – or something along those lines to ensure their customers feel safe with them. 

Recent phishing activity has included phishers discovering which banks were popular with various types of people and sending out targeted phishing e-mails which asked for specific secure numbers.  This is called ‘spear phishing’.  Similarly, phishing those who run corporations or who are high up in business is called ‘whaling’.  The most recent phishing exploitations have occurred on social networking sites, such as MySpace.  Phishers asked for passwords to verify this or that, and when they got them, they used the personal information found on the page in ‘identity theft’.  The best way to protect yourself from any of this is to always call the company in question and speak to someone in person, rather than relying on internet communication for secure information.