How to detect a phishing scam on email, website

Many people find the Internet indispensible for doing online transactions that range from banking to paying bills. This requires that personal information like credit card or social security numbers be exchanged with trusted web-sites.

Password Privacy

Some web-sites get individuals to give up this information by pretending to represent a trusted institution. Imagine someone getting an email that looks like it came from their bank asking them to verify their online password. A web-site someone connects to promises a free prize, but asks for bank information to verify who they are. Someone installs a free program on their computer but does not realize that it send personal data over the Internet.

Phishing attacks are becoming very inventive and pervasive. The Anti-Phishing Working Group is one organization that gathers statistics on this problem. Despite growing awareness of this problem, they report that attacks and software designed to perform these attacks rose significantly at the beginning of 2008. A small percentage of Internet users admit being scammed by these methods, but the billions of dollars lost eventually affect everyone.

When someone is affected by such an attack, recovering from it can take months or years depending on how quickly it is detected. The best approach is prevention. Here are a few simple suggestions that can help to do that:

Trust No Email or Website

Creating an email message that looks like it came from a credit card company and even including their logo is not a difficult thing for hackers to do. Some of these can be detected easily with a little detective work, but why take the chance?

An email message that says that verifying personal data or doing a password change is necessary is probably fraudulent. But this can be confirmed by calling the bank or going to their web-site by typing the URL. Never use the links in the email message.


When connecting to a web-site, verify that the connection is encrypted by making sure the URL is https:// and not http. If unsure, verify the URL by calling the institution with a verified phone number.

Anti-Phishing Software

Some Internet security software packages include anti-phishing software. The vendor that someone already trusts for their anti-virus software will probably carry a product for phishing as well. As with anti-virus products, the software is practically useless unless regular Internet updates are done.


As discussed earlier, Internet fraud in the form of phishing and other attacks is growing more widespread. Know how to recognize these attacks in the form of fraudulent emails and web-sites is invaluable. Reporting them can also prevent others from being duped. A good place to start is the Anti-Phishing Working Group which has recommendations and suggestions that will help. They can also recommend vendor software and services that will help.

Besides taking measures to prevent phishing attacks, it is also a good idea to monitor credit changes as well. An ounce of prevention is always good, but being able to respond quickly to credit card fraud can reduce the severity of the problem

Top 5 Email Scams to Look Out For

Every nifty or valuable tool comes with dangers, and it is important to be aware of these dangers to prevent unfortunate disasters. In email—a widely used communication tool—the most important danger to be aware of is scams.

Scams are often cleverly disguised to look both credible and desirable, making them hard to protect against. This is, of course, the reason why so many people fall for them. However, by learning about popular email scams and their methodology, it becomes much easier to protect against the devious plots of crooks and frauds.

Phishing: Stealing Personal and Financial Information


Phishing emails pretend to be from reputable institutions, such as large banks, online transaction companies such as PayPal or Ebay, or IT administrators of companies or universities. They notify the recipient of an “urgent” situation that requires them to “verify” their secure information, and lead the recipient to a fake website that then collects the recipient’s log-in, financial, or other sensitive information. The fake website can be very similar to the true website, and victims are fooled into entering their log-in information or credit card details, letting them fall right into the hands of crafty scammers.

Most websites and online services will never ask a customer to send their log-in information. To protect against phishing scams, it is best to contact that company or service in an alternative way—using contact information known to be legitimate—before following a link embedded in the email.

Nigerian Letter Scam

The Nigerian letter scam is an infamous one that has made quite some rounds in the recent years. While they come in various forms, the core plot is similar: the rightful inheritance of some hapless heir or heiress in Nigeria is being unfairly withheld, and you can help them receive their incredible wealth (23 million dollars!) by allowing the money to be deposited into your bank account. For your generous help, they will gratefully donate a good percentage of that money to you.

The catch is that they will never send the money, and will use the bank information they obtained from the email recipient to steal that person’s money. They may also, or alternatively, ask for the email recipient to cover the administrative fees and taxes that arise…and this money ends up in the scammer’s wallet.

Credit Card Pre-Approval Fees and Foreign Lottery Taxes

A pre-approval fee scam tells the email recipient that they are pre-approved for a credit card, or for a large loan, and asks for a small fee upfront. Similarly, a lottery scam tells the email recipient that they are the lucky winner of the lottery (at times, it is a lottery from a foreign country), and they can receive this fortune once they pay the tax or processing fees.

In these scams, the recipient can pay all the fees he wants, but he will never receive that $250,000 loan despite a bad credit history or that million dollar lottery prize. Sound common sense is helpful—if it’s too good to be true, it is indeed too good to be true.

Donations for Disaster Relief

As maddening as it might be, those who send scam emails are not above using others misfortunes for their own benefit. Donation scams are the last type of email scam to watch out for. These are scams that use a recipient’s goodwill and benevolence against them by asking for donations for some heartwrenching disaster. Rather than going to the purported cause, however, the money goes into the pocket of the scammer.

Fake News: Links to Videos and Articles

This is a slightly different type of scam from the others, but is a dangerous one to look out for all the same. In this scam, a victim receives an email that relates a sensational or fascinating news item, along with a link to the article or video. This email may be from an email address they recognize or an unknown one, but either way, the link is a fake one, like in phishing scams.

However, unlike in phishing scams, these links lead the recipient’s computer to download malware. This malware then steals personal data from the computer and sends new scam emails to repeat the process with fresh victims. The lesson learned from here is applicable to all interaction on the internet, not just email: Always be careful when clicking links, and when in doubt, look up information on that link before clicking it.

Although these email scams are varied in appearance, they share important, recognizable features. Always be wary of any email asking for personal or financial information, or for any money. And if all else fails, knowing about the possibility and incredible resourcefulness of scams should give you the critical stance to help spot a suspicious email.

About The Author