Phishing is a general term for e-mails, text messages and websites fabricated and sent by criminals and designed to look like they come from well-known and trusted businesses, financial institutions and government agencies in an attempt to collect personal, financial and sensitive information. It's also known as brand spoofing.
- The content of a phishing e-mail or text message is intended to trigger a quick reaction from you. It can use upsetting or exciting information, demand an urgent response or employe a false pretense or statement. Phishing messages are normally not personalized.
- Typically, phishing messages will ask you to "update," "validate," or "confirm" your account information or face dire consequences. They might even ask you to make a phone call.
Example of a Phishing E-mail
In some cases, the offending site can modify your browser address bar to make it look legitimate, including the web address of the real site and a secure "https://" prefix.
Information sought: Social insurance numbers, full name, date of birth, full address, mother's maiden name, username and password of online services, driver's license number, personal identification numbers (PIN), credit card information (numbers, expiry dates and the last three digits printed on the signature panel) and bank account numbers.
What your information could be used for: Phishing criminals can access your financial accounts, open new bank accounts, transfer bank balances, apply for loans, credit cards and other goods/services, make purchases, access your personal email account, hide criminal activities, receive government benefits or obtain a passport.
How to prevent:
- Be suspicious of any e-mail or text message containing urgent requests for personal or financial information (financial institutions and credit card companies normally will not use e-mail to confirm an existing client's information).
- Contact the organization by using a telephone number from a credible source such as a phone book or a bill.
- Never e-mail personal or financial information.
- Avoid embedded links in an e-mail claiming to bring you to a secure site.
- Get in the habit of looking at a website's address line and verify if it displays something different from the address mentioned in the email.
- Regularly update your computer protection with anti-virus software, spyware filters, e-mail filters and firewall programs.
- A number of legitimate companies and financial institutions that have been targeted by phishing schemes have published contact information for reporting possible phishing e-mails as well as online notices about how their customers can recognize and protect themselves from phishing.
- Regularly check you bank, credit and debit card statements to ensure that all transactions are legitimate.