Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by posing as a trustworthy entity in an electronic communication (like an email). According to the 2013 Microsoft Computing Safety Index, the annual worldwide impact of phishing could be as high as US$5 billion.
Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website whose look and feel are identical to the legitimate one; the only difference is the URL of the website. Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims.
Phishing is an example of the social engineering techniques used to deceive users, and it exploits weaknesses in current web security. (Reference: Wikipedia)
How can I tell if a message is genuine?
The simplest and best way is to examine the originating URL. Almost all current email clients will show you the underlying address hidden behind the text you can see. This video shows how that looks in the Apple Mail client. Notice that it pretends to be from “Gmail Accounts”, but the underlying URL is completely different and originates from a domain called ems02.com.
What can you do if you suspect phishing?
The one sure way to know that you have gone to a valid site is to enter the URL manually. Instead of clicking on the link in the email, open your browser and type in www.wellsfargo.com or www.bofa.com, or whatever site the email is advertising, and see if what is being communicated is valid.
As in so many of the computer dreads, an ounce of caution is worth a pound of regretful cure. If you receive something that looks suspicious, send us a message and we would be happy to assess it for you. You can read about the previous two dreads posted on this site, Passwords and Malware.