In the United States alone, it is estimated that approximately 1.2 million computer users suffered phishing losses totaling approximately $929 million. 3.6 million adults lost $3.2 billion as phishing attacks escalated last year.
What is Phishing?
Phishing is a style of identity theft that has become popular because of how easy it is for phishers to trick unsuspecting people into revealing their personal information, including PayPal email and password, credit card numbers, social security numbers, and mothers’ maiden names, by sending fake emails or instant messages which contain links to fake websites (phishing websites).
The following video, from the Common Craft Show, shows how phishing scams work and how to recognize and avoid them. As always, Common Craft’s explanation in Plain English is clear and simple enough for anyone to understand.
PayPal Phishing Scam
Below is an example of a phishing e-mail targeted at PayPal users.
In the above example of a PayPal phish, notice how deceptive the fake PayPal email is, with its inclusion of a warning about phishing attacks and security tips.
…spelling mistakes in the e-mail and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that this is a phishing attempt. Another giveaway is the lack of a personal greeting, although the presence of personal details would not be a guarantee of legitimacy. A legitimate PayPal communication will always greet the user with his or her real name, not just with a generic greeting like, "Dear Accountholder." Other signs that the message is a fraud are misspellings of simple words, bad grammar and the threat of consequences such as account suspension if the recipient fails to comply with the message’s requests.
Note that many phishing emails will include, as a real email from PayPal would, large warnings about never giving out your password in case of a phishing attack. Warning users of the possibility of phishing attacks, as well as providing links to sites explaining how to avoid or spot such attacks, are part of what makes the phishing email so deceptive. In this example, the phishing email warns the user that emails from PayPal will never ask for sensitive information. True to its word, it instead invites the user to follow a link to "Verify" their account; this will take them to a further phishing website, engineered to look like PayPal’s website, and will there ask for their sensitive information. (Phishing – Wikipedia)
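Three of the clues listed in the quoted passage (an IP address in the link, a generic greeting, a threat of account suspension) can be checked mechanically. The following Python code is an added example, not part of the original article or the quoted Wikipedia text; the function names, phrase lists and sample message are constructed for illustration, and spelling mistakes are not checked.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Phrase lists are assumptions chosen to match the clues named in the article.
GENERIC_GREETING = re.compile(r"\bdear\s+(account\s*holder|customer|user|member)\b", re.I)
THREAT = re.compile(r"\b(suspend|terminat|deactivat)\w*", re.I)

class _MailParser(HTMLParser):
    """Collect the visible text and every link target of an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.text, self.hrefs = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")
    def handle_data(self, data):
        self.text.append(data)

def host_is_ip(url):
    """True if the link's real host is a literal IPv4/IPv6 address.
    The URL is parsed first, so digits in the path or text before an '@'
    in the authority part do not confuse the check."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:  # not an IP literal, or an unparsable URL
        return False

def phishing_indicators(html_body):
    """Return the sorted names of the indicators found in the message."""
    parser = _MailParser()
    parser.feed(html_body)
    parser.close()
    body = " ".join(parser.text)
    found = set()
    if GENERIC_GREETING.search(body):
        found.add("generic_greeting")
    if THREAT.search(body):
        found.add("threat_of_consequences")
    if any(host_is_ip(h) for h in parser.hrefs):
        found.add("ip_address_link")
    return sorted(found)

# Constructed sample message; 192.0.2.10 is a documentation-only address.
SAMPLE = """<p>Dear Accountholder,</p>
<p>Your account will be suspended unless you verify it.</p>
<a href="http://192.0.2.10/webscr/login">Verify your account</a>
<a href="https://www.paypal.com/help/192.0.2.10">Security tips</a>"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

A hit is a reason to look closer, not a verdict: as the quoted passage notes, a personal greeting is no guarantee of legitimacy, so an empty result does not mean the message is safe.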
Phishing attacks are sure to continue in 2009. Phishers or phishing scammers will steal important information and money from many new unsuspecting victims around the world. However, being aware of how phishing scams work will ensure that you do not become one of these victims.