Few years back, all eBay users received an email supposedly from eBay with the following statement “Due to security reasons, we request you to update your Credit card information’s immediately to avoid your account being suspended” followed by a ‘click here’ button. Many people followed the above instructions, by clicking the button, which took them to a particular page of eBay website site which has provision to enter their credit card details. The innocent people entered their Credit card details without understanding that they are victims of phishing.
Later it was found that eBay did not send any mail requesting their users to submit their credit card details and the above mentioned people’s credit cards were misused. When the link ‘click here’ in the mail was clicked it was shocking to understand that it did not reach the eBay website, but some other website address which sounds like eBay and the website design was exactly same as eBay.
What is Phishing
The above mentioned process - using fraudulent e-mails and copies of legitimate websites to extract financial data from computer users for purposes of identity theft - is known as Phishing. Not only credit card details, even email account password, bank Login password details may be collected using the above method.
Let’s see how to spot the phishing scam and avoid being victimized by it.
- Remember Phishing scam relies on YOU and not on technology.
- Don’t get panic, on receiving email stating that your account will get canceled or what so ever.
- Always be suspicious of any e-mail that contains urgent requests for personal financial information or any password.
- Never fill out forms in e-mail that ask for personal financial information or password.
- Check if the message in the email is legitimate.
- Is this the first email you are getting from the company?
- Does the company have your email id?
- Do they regularly contact you through mail?
- Check if the click button takes you to the genuine website address.
- Why the email is asking for information’s such as usernames, passwords, credit card numbers, and so on that the real company would already have?
- Check if the e-mail is personalized, if it is, check if it has your real name (Generally phishers email contains only the same name you use in your e-mail address)
- Ensure that your browser is up to date and security patches applied.
- Check your online accounts regularly.
Apart from the above, it is always better to call the particular institution or Bank or Company and check if they have sent any email. Remember not to call the phone number mentioned in the email you received, but the phone number you already have.