Phishing-101

Phishing is an email spam scam that is specifically used to commit identity theft. Its sole purpose is to scam you into divulging personal information, which they can use to perpetrate identity theft. This includes passwords, card numbers, birth dates, PINs and other vital personal data. The term came into use to denote the way pushers bait to lure their victims into divulging private data. Industry experts define this devious practice as a form of "social engineering."

Typically, a phishing attack will be executed in combination with a massive spam mailing. Phishing spam is sent out to millions of recipients, often with a subject line that is exciting or upsetting. It is calculated to trigger an immediate reaction from the recipient, and get them to respond without further thought.

The phishing email will often have phrases such as:

-Dear Valued Customer.
-Click the link below to access to your account.
-If you don't respond within 24 hours, your account shall be closed.

The phishing spam is typically a fraudulent but very official-looking e-mail. It is cleverly designed to replicate the website and email messages of a business you know and trust such as your bank or mortgage company. The email will even sport official logos and graphics of the legitimate company.

It will instruct you to click on a link in the email to go to the company's website, where you can "update" your personal information. The link will usually be "masked," which means that when you click on it, it will take you to a phony web address. Clicking on the link will take you to a website that appears to be that of the real financial institution's website. It is, however, just a copycat spoof, set up to give the spammer access to your personal and financial data. You may give your information thinking you are at the real website. Instead, any information you enter here will go directly to the identity thieves.

What are the Consequences?

If you fall prey to the scam and unwittingly divulge private information, you will be left vulnerable to identity theft, credit card fraud and other financial mishaps.

These identity thieves will either sell the information to fellow criminals, or use it for their own financial gain. This vital personal data will be used, for example, to set up fraudulent online bill pay, with payments made out to the phisher. They may use it to access funds from your bank accounts and credit cards and transfer them to their own checking accounts. They may even use a copy of your bank or credit card along with the phished PIN to withdraw cash from your accounts at any ATM.

Phishing is a numbers game for these criminal spammers. They will send out their phishing email to millions of recipients. They count on just a few falling for the scam and volunteering their information: if a mere 1% of recipients volunteer their personal information, the phishing expedition will be a hugely lucrative. It is these few who make their scam worthwhile.