Internet phishing scams are methods in social engineering to get people to give up their private and personal information so that criminal hackers, or "phishers," can take their money and other high-value property. Spotting such scams is not too hard, and people only need some simple information to discern them.

Some phishing scams via Internet email will use scare tactics or high-pressure wording to get recipients to give up their personal data in an "update" or "new security" procedures.

A phishing website may attempt to build a basic profile on all its visitors in order to match their data with other data later. For example, the website may ask for login and password, or even for more data such as gender, first, middle, and last names, even a working email address.

A phishing website may ask all kinds of inappropriate questions in order to "verify" or "authenticate" a visitor, when in reality it is a pumping operation for all the personal data it can get. For example, a visitor may be requested to give social security account number, bank card number, ATM card number, checking account number, personal identification number (PIN), or more.

A phishing website may try to associate credit card numbers with legitimate website login profiles by requiring a credit card number in order to "release" a "forgotten" password to the visitor.

A phishing website may try to appear legitimate by giving a login and password screen, then returning an "error" to say that the password was mistyped, causing people to think that only a real site would "know" when the password is incorrect. Then the non-suspecting person will enter the password again, confirming its validity for the phisher.

A phishing website trying to look legitimate may use the Internet Protocol address numbers as its main address with a spoofed, or fake, legitimate company name following the IP address. For example, "83.193.125.24/walmart/" tries to invoke the Wal Mart company name to appear legitimate.

A purported banking or other commercial website looks like the real thing, but has a different spelling in its Uniform Resource Locator (URL) than the original website. For example, an extra character such as a hyphen, letter or number may be included in the company name, such as "verify-WalMart.com" or business-services.phakebank.co m." A number included with the web server identification can be ok, such as "www2.americanexpress.com."

A purported banking website includes a login

• 1
• 2
• next page >>

---

Add your voice

Know something about How to spot Internet phishing scams?
We want to hear your view. Write now!