How Phishing Works

By Email
The most common form of phishing is by email. Pretending to be from your financial institution, or a legitimate retailer or government agency, the sender asks you to “confirm” your personal information for some made-up reason. Typically, the email contains a link to a phony Web site that looks just like the real thing – with sophisticated graphics and images. In fact, the fake Web sites are near-replicas of the real ones, making it hard even for experts to distinguish between the real and fake Web sites. You enter your personal information on the Web site – and into the hands of identity thieves.

By Phone
Phishers also use the phone to hunt for personal information. Some, posing as employers, call or send emails to people who have listed themselves on job search Web sites.

Something’s Phishy If…
While phishing scams can be sophisticated, the following features are often indicators that something is “phishy.” Be aware of a potential scam if:

… someone contacts you unexpectedly and asks for your personal information such as your financial institution account number, an account password or PIN, credit card number or Social Security number. Legitimate companies and agencies don’t operate that way.

… the sender, who is a supposed representative of a company you do business with, asks you to confirm that you have a relationship with the company. This information is on record with the real company.

… you are warned that your account will be shut down unless you “reconfirm” your financial information.

… links in an email you receive ask you to provide personal information. To check whether an email or call is really from the company or agency, call it directly or go to the company’s Web site (use a search engine to find it).

… you’re a job seeker who is contacted by someone claiming to be a prospective employer who wants your personal information.

Sample Phone Calls

Sample #1:
"Is this Mr. Smith? I'm calling from XYC Bank. Do you have a Visa® card? I need to verify your account number because it appears that someone may be fraudulently charging purchases to your account. Can you read me the account number and expiration date on the front? OK, now the last four digits on the back..."

Sample #2:
"Hello, Mildred Brown? I represent the ABC Company and our records show that you have an overdue bill of $500 plus interest and penalties. You don't know anything about this bill? Well, there could be a mix-up. Is your address 123 Main Street? What is your Social Security number...?"

Sample #3:
"This is Detective Thompson calling from the Federal Consumer Agency. Are you Mr. White? We have received several reports of telemarketing fraud involving attempted withdrawals from bank accounts in your area. In order to safeguard your account, we need to confirm your account number..." 

Sample Phishing Emails