Phishing (pronounced "fishing") is an online fraud technique used by criminals to lure you into disclosing your personal information.
There are many different tactics used to lure you, including e-mail and Web sites that mimic well-known, trusted brands. A common phishing practice uses spoofed messages that are disguised to look like they are from a well-known company or Web site, such as a bank, credit card company, charity, or e-commerce online shopping site. The purpose of these spoofed messages is to trick you into providing personally identifiable information (PII), such as the following:
Name and user name
Address and telephone number
Password or PIN
Bank account number
ATM/debit or credit card number
Credit card validation code (CVC) or card verification value (CVV)
Social Security Number (SSN)
This information is used in many ways for financial gain. For example, a common practice is identity theft, whereby the thief steals your personal information, takes on your identity, and can then do the following:
Apply for and get credit in your name.
Empty your bank account and charge expenses to the limit of your credit cards.
Transfer money from your investment or credit line accounts into your checking account, and then use a copy of your debit card to withdraw cash from your checking account at automated teller machines (ATMs) around the world.
For tips on how to avoid being the victim of online fraud, see the Best practices to help protect yourself from online fraud section later in this article.
Examples and characteristics of phishing schemes:
Fake e-mail messages The message appears to be from a company that you do business with, warning you that they need to verify your account information, and if they don't get the information, your account will be suspended.
A combination of auction fraud and phony escrow sites This occurs when items are put up for sale at a legitimate online auction to lure you into making payments to a fake escrow site.
Fake online sales transactions A criminal offers to buy something from you and requests that he or she pay you an amount well over the price of the item the criminal is buying. In return, the criminal asks you to send him or her a check for the difference. The payment to you is not sent, but your check is cashed, and the thief keeps the difference. Additionally, the check that you send has your bank account number, bank routing code, address, and phone number, which the criminal can continue to use and get your money.
Fake charities This type of phishing scheme poses as a charity and asks for direct monetary donations. Unfortunately, many people want to take advantage of your generous nature.
Fake Web sites The Web sites can be made to look similar to legitimate sites. When you inadvertently visit them, the sites can automatically download malicious software, such as a virus or spyware. The spyware can then record the keystrokes that you use to log into personal online accounts. That information is sent back to the phisher. You can protect against this particular kind of attack by downloading and installing anti-spyware software, such as Microsoft anti-spyware software.