What’s a phish? Basically, it’s where someone will send an email from what appears to be a legitimate source (eBay, Paypal, various banks are the most common). The email usually contains something along the lines of a change in the privacy policy or user agreement, a change in your account status, or a security concern. It also contains some “click here” link offering you to take care of the matter. Clicking that link will take you to a site that is made to look exactly like the site it’s claiming to be. So you enter all your info, they retrieve your info, they use/sell your info. Pretty scary.
Anyway, here’s an excellent shockwave video demonstrating a common phishing scam.
Want to see an actual PayPal Identity Theft? PayPal phishing site?
Here’s a list of things to help you avoid this. Please note that individually, these things don’t guarantee you’ve recongnized a phishing scam. But if you look for them all, it will keep you more aware of where you’re being sent to when you click a link.
1. Don’t click links found in emails. The safest thing to do is to go to the site by directly typing in it’s address yourself. If an email claiming to be from Paypal sends you a link, don’t click it. Go to your browser, type www.paypal.com, and log in that way.
2. If the email doesn’t address you by name instead of “Dear eBay member”, or “Dear Customer”, it’s probably a scam.
3. When entering information on the web, make sure the address is secure, as in it starts with “https://…” instead of just “http://…”
4. Along the same lines as https, most browsers have a secure icon they will display when you’re on a secure site. The icon is usually a lock, and it’s usually located near one of the corners either by the address/location bar or in the status bar along the bottom. Look for that icon when entering info on the web.
5. Look for a correct address in the address bar (although this can also be hacked). If you’re supposed to be on an eBay page, make sure that ebay.com appears last in the first part of the address (I’m talking about the part either right after the “http://” or right after the “http://www” and right before the first “/” in the address). For example:
https://secure.ebay.com/purchase is legit.
https://ebay.secure.com/purchase is NOT legit.
As mentioned, not one individual thing listed is good enough by itself to guarantee your online safety. But looking out for all of these things will help you recognize a scam before you give the scammers your information.