How to recognize phishing email messages or links
The primary goal of phishing messages is to steal your identity. They
ask for personal data directly, or direct you to websites or phone numbers
where you are asked to provide it. A few hints can help you spot
fraudulent email messages or links within them.
What does a phishing email message look like?
Phishing email messages take a number of forms:
- They might appear to come from your bank or financial institution,
a company you regularly do business with, or even an educational organization,
such as Augsburg.
- They might appear to be from someone you have in your email address
book.
- They might ask you to make a phone call. Phone phishing scams direct
you to call a phone number where a person or an audio response unit waits
to take your account number, personal identification number, password, or other
valuable personal data.
- They might include official-looking logos and other identifying information
taken directly from legitimate websites, and they might include convincing
details about your personal history that scammers found on your social networking
pages.
- They might include links to spoofed websites where you are asked
to enter personal information.
Here is an example of what a phishing scam in an email message might look
like.
[Figure: Example of a phishing email message that includes threat of service
interruption and malicious links designed to trick you into entering your
account information.]
To make these phishing email messages look even more legitimate, the scam
artists use graphics that appear to go to the legitimate websites, but actually
take you to a phony scam site or possibly a pop-up window that looks exactly
like the official site.
Here are a few phrases that are commonly used in phishing
email scams:
"Verify your account."
Businesses should not ask you to send passwords,
logon information or user names, Social Security numbers, or other personal
information through email. If you receive an email message from Augsburg or
any other business asking you to update your personal information or credit card
information, do not respond: this is a phishing scam.
"You have won the lottery."
The lottery scam is a common phishing scam known as advanced
fee fraud. One of the most common forms of advanced fee fraud is a message
that claims that you have won a large sum of money, or that a person will pay
you a large sum of money for little or no work on your part.
"If you don't respond within 48 hours, your account will be closed."
These messages convey a sense of urgency so that you'll respond immediately
without thinking. A phishing email message might even claim that your response
is required because your account might have been compromised.
What does a phishing link look like?
Sometimes phishing email messages direct you to spoofed websites.
HTML-formatted messages can contain links or forms that you can fill out just
as you would fill out a form on a legitimate website.
Phishing links that you are urged to click in email messages, on websites,
or even in instant messages, may contain all or part of a real company's name
and are usually masked, meaning that the link you see does not take you to
that address but somewhere different, usually an illegitimate website.
Notice in the following example that resting (but not clicking) your mouse
pointer on the link reveals the real web address, as shown in the box with
the yellow background. The string of cryptic numbers looks nothing like the
company's web address. This is a suspicious sign.
[Figure: Example of a masked web address.]
Cybercriminals also use web addresses that
resemble the names of well-known companies but are slightly altered by adding,
omitting, or transposing letters. For example, the address "www.microsoft.com" could
appear instead as:
- www.micosoft.com
- www.mircosoft.com
- www.verify-microsoft.com
This is called "typo-squatting" or "cybersquatting."
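The two link checks described above (a masked address, and a look-alike name made by adding, omitting, or transposing letters) can be written as a short script. This is an added illustration in Python, not part of the original Microsoft text; the TRUSTED list, the function names, the distance threshold of 2, and the sample links are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

TRUSTED = {"microsoft.com"}  # assumption: sites the reader really uses
URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

def distance(a, b):
    """Edits (add, omit, replace, swap neighbours) that turn a into b."""
    d = [[i + j if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1,
                          d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[-1][-1]

def host_of(url):
    """Lower-cased host of a URL or bare domain, leading 'www.' dropped."""
    url = url.strip()
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host[4:] if host.startswith("www.") else host

def check_link(shown, href):
    """Reasons to distrust a link: visible text vs. address seen on hover."""
    real, reasons = host_of(href), []
    if URLISH.fullmatch(shown.strip()) and host_of(shown) != real:
        reasons.append(f"masked: shows {host_of(shown)}, goes to {real}")
    if real.replace(".", "").isdigit():  # e.g. a dotted IPv4 address
        reasons.append("numeric address instead of a name")
    elif not any(real == g or real.endswith("." + g) for g in TRUSTED):
        site = ".".join(real.split(".")[-2:])  # rough: ignores e.g. .co.uk
        for good in TRUSTED:
            if distance(site, good) <= 2:  # threshold is an assumption
                reasons.append(f"look-alike of {good}")
            elif good.split(".")[0] in real:
                reasons.append(f"uses the name of {good} on another site")
    return reasons

# Constructed samples: (visible link text, address shown on hover).
SAMPLES = [
    ("www.microsoft.com", "http://192.0.2.44/wws/verify.htm"),
    ("Verify your account", "http://www.mircosoft.com/login"),
    ("Sign in", "https://www.verify-microsoft.com/"),
    ("www.microsoft.com", "https://www.microsoft.com/security"),
]

if __name__ == "__main__":
    print(*[(h, check_link(s, h)) for s, h in SAMPLES], sep="\n")
```

An empty list means the script found nothing, not that the link is safe; a look-alike that differs by more than two edits, or a name missing from TRUSTED, passes unflagged.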
Adapted from "How to recognize phishing email messages or links"
Microsoft Corporation. Web. Mon. January 10, 2011