by Miles Morley
Phishing, pronounced “fishing”, is defined as the act of attempting to acquire sensitive information by masquerading as a trustworthy entity in an electronic communication. It is so named because of its similarity to bait fishing, and often described as the act of fishing for financial information from the sea of online consumers using the bait of fraudulent email.
In this attack, the phisher will craft an electronic message to mimic that of a trusted source, oftentimes using logos of established companies. Many may use the name of actual employees of the company. The message will often make statements such as:
- “We couldn’t verify information for your account, please click here to update your information.”
- “We suspect an unauthorized transaction on your account. To ensure its security please click the link below and confirm your identity.” (These types of messages may also threaten to close your account if you do not follow their instructions.)
The purpose of these statements is to scare the reader. The attacker is making the message seem critically important to try and elicit a response before the reader can process the strangeness of the request. A good rule of thumb is to be suspicious of any communication that requests confidential information or contains links to places that will request this information. Legitimate companies will not ask for passwords, social security numbers, or financial information such as account numbers and credit card numbers through these types of communications.
The best way to protect yourself is to take a few minutes to catch your breath and think the request through. When calm you should contact the company directly. You can call the company using a number listed on a financial statement, the company’s website, or the back of a credit/debit card. You can also go to the actual company’s website by entering its address into the browser, do not use the link or address in the email, and logging into the website directly.
If you worry you have been compromised by one of these attacks you should contact the actual company as soon as possible. It is also advisable to file a report with the Federal Trade Commission at www.ftc.gov/complaint and visit their website on identity theft. Lastly, you can call the legal hotline if you fear you are being targeted by a scam.
If you have questions or concerns regarding internet phishing, you can contact the Legal Hotline for Michigan Seniors at 1-800-347-5297.
Miles joined Elder Law of Michigan as an intern for the Legal Hotline for Michigan Seniors in January of 2014. As an intern for the Legal Hotline for Michigan Seniors, Miles provides legal advice on a wide-range of issues, and is a contributor to this blog.
I just stayed the night at a hotel where the phone rang at 4am, the caller had spiel about how the hotel lost information about the room and needing to keep a credit card number on file… yada yada… so i needed to give him a credit card number
O.o
Yup, this doesn’t just happen online or in emails. My experience was the old school phishing/social engineering over the phone.
Good advice in this article, step back and think about it for a bit, don’t give hastily requested personal information. If anything demand for an official and confirmable source for this request.