Home Fraud Schemes Types of Malware Do's and Don't's If You're a Victim Articles FAQ's Protect Yourself Security Software Online Resources Glossary Get involved Contact us

Follow @security4web

How to spot a phishing email

Phishing emails, and the Web sites they link to, typically use familiar logos and familiar graphics to deceive consumers into thinking the sender or Web site owner is a government agency or a company they know. Sometimes the phisher urges intended victims to �confirm� account information that has been �stolen� or �lost.� Other times the phisher entices victims to reveal personal information by telling them they have won a special prize or earned an exciting reward.

Look for these red flags in the email:

  • Asks you to provide personal information such as your bank account number, an account password, credit card number, PIN number, mother�s maiden name, or Social Security number. Visa will never ask you for this information by email.

  • Does not address you by your name.

  • No confirmation of the company that does business with you, such as referencing a partial account number.

  • Warns that your account will be shut down unless you reconfirm your financial information.

  • Warns that you�ve been a victim of fraud.

  • Spelling or grammatical errors.

  • Is this e-mail unsolicited? Did I ask them to send me this?

  • Does this e-mail contain links? If it does, do these links go directly to a login page?

  • If I click the link, in my browser, does the URL show the legitimate page (https://www.bank.com, https://www.merchant.com) or is it an IP (something like

  • Is the e-mail asking me to log into my account immediately?
    All the persons that create phishing emails use a temporary web hosting account to host their web sites. They need to be speedy, because if the web hosting company discovers the fraudulent website before you do, they loose you as their "client". Another motive for them to hurry is that they usually pay for hosting, domain name using stolen credit cards. Again, if the web hosting company discovers the fraudulent website before you do, they loose you as their "client".

What NOT to do when receiving an e-mail

  • DO NOT follow links directly from an e-mail. A bank, merchant or business partner should always provide a text link that you can copy and paste in your browser's URL box.
  • Banks and respectable merchants always ask you to go to their main website by entering their URL into the browser and login from there. NOT by clicking on a link in an e-mail.


Take these steps to minimize your phishing risk
  • View any email request for financial information or other personal data with suspicion.
  • Do not reply to the email and do not respond by clicking on a link within the email message.
  • Contact the actual business that allegedly sent the email to verify if it is genuine. Call a phone number or visit a Web site that you know to be legitimate, such as those provided on your monthly statements.
  • Do NOT send personal information (e.g., credit or debit card number, Social Security number, or PIN) in response to an email request from anyone or any entity.
  • Be cautious. Check your monthly statements to verify all transactions.
  • Forward any emails claiming to be from Visa or your Visa card issuer asking you to provide your personal account information to the Better Business Bureau at [email protected], and immediately call your issuing financial institution.


Protect Yourself from SPAM

  • A great resource on this subject is http://www.ftc.gov/spam/


Do not forget!
Banks never ask for your personal information in an email. In case you bank online, do not go to the bank's website via an email.

ALL Phishing attempts created to look professional and trustworthy!
DO NOT judge a book by it's cover, or the phishing attempt by it's design!


Home :: Internet Fraud Schemes :: Do's and Don't's :: What To Do if You're a Victim :: Articles
Frequently Asked Questions :: Protect Yourself :: Freeware Security Software :: Online Resources :: Glossary :: Get Involved

© 2004 - 2020, Security4Web, Inc.         Disclaimer | Privacy Policy