What Is Phishing and How Can I Fight It?
Robert Mueller, the current director of the FBI, refuses to bank online after a close call with a fake-email scam in 2009.
So what has the head of the nation's most respected law-enforcement organization fearing for his financial life? In a word, phishing — a term coined by Internet con men to describe the process of "baiting" consumers with fake emails that entice them to reply with their private information, just as an angler might lure a fish with a shiny spinner bait.
The FBI has called phishing the "hottest and most troubling new scam on the Internet," and understanding what it is and how to protect yourself is more important now than ever before.
So what is phishing exactly? Phishing is a form of cybercrime, a means of illicitly acquiring the online credentials consumers use to identify themselves in the online marketplace. Some good examples of those credentials are the usernames and passwords to sites that store a customer's credit-card or bank-account details for future use.
The key to understanding phishing scams is that they can take many forms, but they all have the same end. They all aim to commit identity theft.
A good example of a phishing email would be an email message that is supposedly sent to you from your bank, alerting you to an overdraft or negative balance on your account. The phishing email might include a link to your bank's website, where you can log in with your credentials (your username and password) to resolve the matter.
Instead of taking you to your bank's website, the link takes you to a look-alike website, one that is run by phishers who want access to your account. If they get your credentials, they may steal your money outright, or use your account to "launder" their ill-gotten gains.
The best way to protect yourself from online phishing attacks is to stay vigilant and to never give away any information online — unless you're 110 percent sure you're entering your personal information into a legitimate website for a legitimate purpose.
Remember that your online identity and your real-life identity are deeply intertwined. Personal information can include everything from your telephone number to your address, as even this seemingly innocent information can be used to "profile" you and make it easier to gain access to other, more secure information.
A scammer can use even basic information to set up phony credit-card accounts, or even claim government benefits, in your name.
The best defense is a good offense, so don't make it easy for phishers to get your information. Never use the same password for different websites, and if you suspect you're the target of a phishing scam, report it immediately to the Internet Crime Complaint Center at http://www.ic3.gov/complaint/.