What is Phishing?
Not to be mistaken for the recreational hobby of fishing, Phishing is an act of sending fraudulent e-mails in an attempt to capture sensitive personal information.  It can also appear in the form of bogus screens or pop-ups. Criminals trying to phish for your information are usually looking for usernames, passwords, PINs, even your card numbers or date or birth — any information they can use to steal your identity and access your accounts.

How is Phishing Carried Out?
Though phishing scams can be carried out in many ways, the most common way is through e-mails and pop-up windows. Scammers can send e-mails to unsuspecting victims.  These fraudulent e-mails look almost identical to authentic e-mails that you might receive from banks, retailers, credit card companies, etc.  The e-mails will usually have some sort of call to action, a button or link to click which will redirect you to a fake site to disclose your personal information.

Scammers can also create pop-ups disguised to look like legitimate log-in windows or urgent requests.  These pop-ups will ask you to resubmit details you may have already just typed in, or it will have a link or button asking you to download harmful viruses or malware disguised as important content.  Always remember to think twice before clicking or downloading anything.

Do’s and Don’ts to Prevent Phishing

• DO type in website addresses rather than blindly trusting a link that was sent to you. Be wary of clicking links to a website, as they could lead to fake ones.
• DO make online transactions or include confidential information ONLY on websites prefixed with “https://...” (“http://...” is NOT secure).
• Do NOT enter any information into a pop-up window when carrying out a financial transaction online.
• Do NOT click any links or open attachments in e-mails from people or places you do not know.

How to Identify a Phishing E-Mail

• The e-mail may appear to come from a known source.
• The sender’s URL may be missing characters or closely resemble a legitimate URL. Fake URLs will never match the URL of a legitimate site.
• The e-mail will display a sense of urgency to act now.
• There may be grammatical errors or misspelled words
• An e-mail requesting personal or confidential information most likely is a phishing attempt.

Protect Yourself from Phishing
Fraudsters are constantly phishing for personal information online. Protect yourself and remember to never respond to e-mails that require you to confirm, upgrade, renew, or validate any confidential details. Although these e-mails may appear to be legitimate, banks usually don’t ask for this type of information in an e-mail. Do not share any over-the-phone passwords or any passcodes with anyone, even if a caller may state they are from a bank or agency you may know; hang up and call them back at a number you know is correct.

Always remember to log out of an online session once you are finished. Sign up for alerts and notifications for any transactions made on your bank accounts. Lastly, keep your computer’s firewall and operating system up to date.

Following these tips can protect you from potential scams. If you are ever doubtful of an e-mail, pop-up window, or maybe even a phone call, your best bet is to delete the e-mail, close out of your browser, or hang up the call. Doing so will prevent any potential scams.  If you ever have a feeling something is fishy, chances are it may be a phish.