• Dec 18

    Phishing

    Filed under: Computer Security


    Phishing is a general term for a fraudulent attempt to gain access to a person’s important personal information, such as credit card account numbers, user names, and passwords, and in some cases, the social security number. The number and variety of phishing attempts are increasing rapidly. Bad guys send innocent-looking emails with malicious contents. Sometimes, they use text messages asking a person to call a certain phone number so that they can obtain personal information.

    The email or text message pretends to be from financial institutions (banks, credit unions, or credit card companies), PayPal

    The emails and text messages appear to be from legitimate sources, so the recipient thinks they need to take some action (click on a link in an email or call a certain phone number) to remedy the situation described in the email. Those situations include:

    • your account is being suspended;
    • your account is being deactivated;
    • unusual transaction on your account; or
    • missing information on your account.

    The above are examples of phishing attempts pretending to be from a financial institution. There are some new varieties that pretend to be from package delivery companies, such as UPS, FedEx, or USPS.

    Here’s an example email for the UPS case.

    Sorry, we were not able to deliver postal package you sent on October the 19th in time because the recipient address is not correct.
    Please print out the invoice copy attached and collect the package at our office.
    If you do not receive package in ten days you will have to pay 6$ per day.

    Your UPS

    Clearly, we need to be able to distinguish legitimate emails from bogus ones. Here are some basic rules to spot the bad ones.

    • generic greetings
      Example: Dear XXXX Bank customer: (instead of Dear your_real_name)
    • legitimate-looking link in the body of the email
      The link may look legitimate, but if you hover the mouse over it, the real link address points somewhere different.
    • legitimate-looking attachment with a “.zip” or “.doc” extension
      Don’t be fooled. The only thing that the bad guys want is for you to click the link. Just one click on the fraudulent email will install and deploy an executable file that contains a trojan horse (a malicious program that opens a back door to your PC and steals your personal information by sending out your keystrokes, including your important user names and passwords).

    So, the key is not to click a link in an email and not to open an attachment unless you are sure it is from a legitimate source. The Chase (credit card) site has an extensive example of fraudulent email here.

    Like most of you, I use online access to manage a lot of things, so I do receive many legitimate emails from them. I’ve made it a rule not to click any links in an email. When I receive an email about one of my accounts, I open up a new internet session and access it separately, not from the email.

    Hope this helps you a bit.
