Phishing is similar to fishing in a lake, but instead of trying to capture fish, phishers attempt to steal your personal information. They send out e-mails that appear to come from legitimate websites such as eBay, PayPal, or other banking institutions. The e-mails state that your information needs to be updated or validated and ask that you enter your username and password, after clicking a link included in the e-mail. Some e-mails will ask that you enter even more information, such as your full name, address, phone number, social security number, and credit card number. However, even if you visit the false website and just enter your username and password, the phisher may be able to gain access to more information by just logging in to you account.
Phishing is a con game that scammers use to collect personal information from unsuspecting users. The false e-mails often look surprisingly legitimate, and even the Web pages where you are asked to enter your information may look real. However, the URL in the address field can tell you if the page you have been directed to is valid or not. For example, if you are visiting an Web page on eBay, the last part of the domain name should end with “ebay.com.” Therefore, “http://www.ebay.com” and “http://cgi3.ebay.com” are valid Web addresses, but “http://www.ebay.validate-info.com” and “http://ebay.login123.com” are false addresses, which may be used by phishers. If URL contains an IP address, such as 220.127.116.11, instead of a domain name, you can almost be sure someone is trying to phish for your personal information.
If you receive an e-mail that asks that you update your information and you think it might be valid, go to the website by typing the URL in your browser’s address field instead of clicking the link in the e-mail. For example, go to “https://www.paypal.com” instead of clicking the link in an e-mail that appears to come from PayPal. If you are prompted to update your information after you have manually typed in the Web address and logged in, then the e-mail was probably legitimate. However, if you are not asked to update any information, then the e-mail was most likely a spoof sent by a phisher.
Most legitimate e-mails will address you by your full name at the beginning of the message. If there is any doubt that the e-mail is legitimate, be smart and don’t enter your information. Even if you believe the message is valid, following the guidelines above will prevent you from giving phishers your personal information.