Phishing is a word to describe how hackers gather personal information from you in order to steal your identity or other scam. Most phishing is done with phony emails or deceptive web sites. These emails and sites often look legitimate and often contain company logos and addresses to fool you into thinking they are real.
There are several things to look for that might indicate a phishing attempt:
- Be wary if you do not actually do business with the suspected email or web site.
- Be wary if the spelling and grammar are incorrect or it is simply poorly written. Legitimate companies always proofread correspondence for typos and structure.
- Be wary if there is no suggestion of your account information, like the last four digits of your account. You will know it is a phishing attempt if they don’t even use your name or username on the account.
- Be wary if there is a deadline, or other immediate “call to action” that they say will result in a penalty if you fail to respond.
- Be wary if they give you a web site to visit that does not have the main company site in the first part of the URL. In other words, if they say they are with PayPal and want you to go to http://www.fakesite/paypal don’t go.
If you think you have been phished, immediately change your username and password. You should also have your computer checked for malware. Finally, watch your financial accounts and online accounts carefully to make sure nothing is tampered with and there is no strange activity.
To be extra safe, always use two factor authentication. This is the process where you sign in and you are sent a temporary code to your phone or email. If the sites you visit offer two factor authentication, use it!