Phishing is a scam where Internet fraudsters request personal information (such as User IDs, PINs, and identifying information), from users online. These requests are most commonly in the form of an email from an organization with which you may or may not do business. Fraudulent emails such as these may look official, sometimes including the company logo. The email usually states that the company needs you to update your personal information or that your account is about to become inactive, all in an effort to get you to click on a site or divulge confidential information. No reputable business will ever email you requesting that you update your personal information, including account numbers, system passwords or Social Security Numbers via a link to their site.
Unlike phishing, fraudsters using a technique called “pharming” do not lure their victims with emails. Instead, they install malicious software or use other means to re-direct a user to a fraudulent website – even if the user types the correct address into their browser or uses an existing bookmark for their bank’s website. This means when you type a legitimate website address into a web address bar you are redirected without your knowledge to a bogus site that looks identical to the genuine site. Once you log in with your login name and password, the information is immediately captured by the fraudster.
SMiShing or Vishing
There is a variant of traditional phishing scams that uses telephone calls, instead of email, to collect confidential information. Customers may receive an automated phone call or an email saying their account has been compromised and gives them a phone number to call to resolve the issue. When they call, they reach an automated answering program that asks them for confidential information to verify their account. Customers should never give confidential information in response to suspicious requests such as these.