Phishing: What is it?
Phishing is when a scammer tries to get you to reveal personal financial information, so they can use it to charge things to your credit card, or spend money from your bank account. Phishing often takes the form of emails that appear to be coming from your bank (or a bank you don’t use), or messages reporting some kind of problem with your PayPal account.
What happens if you click?
If you click the links in a phishing email, you could be taken to a site that’s carefully crafted to look legitimate, and which closely resembles your bank’s homepage, or your sign-in screen for another account.
If you try to sign in, or you provide any of the information you’ve been asked for, you’ve transmitted it into the hands of the scammers.
What do the scammers do with my data?
There’s a very large black market for stolen credit card data. Scammers sell compromised credit card numbers in bulk; the buyers can then make fake credit cards (or just shop online) using your data, until you notice suspicious transactions and have your card cancelled.
How do they get away with this?
The short answer is that police departments around the world are under-funded and don’t always cooperate well across borders.
This kind of fraud is so common, and so hard to prevent, that your bank expects to lose huge amounts of money to scammers every year; the cost of these thefts is reflected in your client fees.
If you’re interested in more detailed reading, check out the book Dark Market: How Hackers Became the New Mafia by Misha Glenny.
How do I keep from being scammed?
Be vigilant when opening emails from your service providers. Your bank, PayPal, and other online businesses will never notify you by email of an account problem, especially not one that requires you to visit their website and enter your personal data. If in doubt, call your bank.
When you shop online, deal with trusted retailers only.
What if it’s too late and I clicked a suspicious link?
If you didn’t fill in any of the data you were asked for, you might be fine. Run a virus scan on your computer, and call your bank for advice. If you think your credit card or PayPal information has been compromised, call your bank immediately.
Bonus tip: watch out for Facebook “name games”.
You know the ones: they invite you to find out your rock star name by combining your first pet’s name with the name of the street you grew up on. They want you to publish two of the answers to common security questions we’re all asked for various accounts. You never know who could be collecting that info.