WHAT IS A PHISHING SCAM? By; Basics-n-Beyond LLC. August 28, 2019 Phishing is similar to traditional fishing with a hook and pole, but instead of trying to catch fish, phishers are attempting to steal your personal information. Hackers will send out e-mails that appear to come from legitimate websites such as Facebook, Google, PayPal, or other banking institutions. A phishing e-mail scam will often look very official and state that your information needs to be updated or validated in some way. The email will then ask that you enter your username and password. Some scams will even ask that you enter even more information, such as your full name, address, phone number, social security number, and credit card number. However, what you must keep in mind, even if you just enter your username and password, the hacker may still be able to gain access to more information by just logging in to your account. Phishing is a con game that scammers use to collect personal information from unsuspecting users. The false e-mails often look surprisingly legitimate, and even the Web pages where you are asked to enter your information may look real. However, the URL in the address field can tell you if the page you have been directed to is valid or not. For example, if you are visiting a Web page on eBay, the last part of the Domain Name should end with "ebay.com." Therefore, "http://www.ebay.com" and "http://cgi3.ebay.com" are valid Web addresses, but "http://www.ebay.validate-info.com" and "http://ebay.login123.com" are false addresses, which may be used by phishers. If the URL contains an IP address, such as 220.127.116.11, instead of a domain name, you can almost be sure someone is trying to phish for your personal information. Sometimes the hacker will use a personal IP address as the redirect page, linking you directly to their computer or network. If you receive an e-mail that asks that you update your information and you think it might be valid, go to the website by typing the URL in your browser's address field instead of clicking the link in the e-mail. For example, go to "https://www.paypal.com" instead of clicking the link in an e-mail that appears to come from PayPal. If you are prompted to update your information after you have manually typed in the Web address and logged in, then the e-mail was probably legitimate. However, if you are not asked to update any information, then the e-mail was most likely a spoof sent by a hacker. Most legitimate e-mails will address you by your full name at the beginning of the message. If there is any doubt that the e-mail is legitimate, be smart and don't enter your information. Even if you believe the message is valid, following the guidelines above will prevent you from giving phishers your personal information. In conclusion; Phishing is a form of social engineering used to collect personal information from the intended victim. Phishing campaigns have existed for quite a while and continue to increase in attempts and sophistication. It is important to stay aware of the phishing trends and to keep your computer and internet browsers up to date with current antivirus and security patches. These methods may not keep you one hundred percent safe, but are the best way to try. One thing to keep in mind, “a little knowledge goes a long way”, to keep yourself safe take a minute or two and give Basics-n-Beyond a call or stop by our shop anytime Monday through Friday between 9AM and 6PM to learn more about your computer environment. Below are two good examples of what a phishing email scam might look like.