
How to Avoid Phishing Scams

Watch out for these sneaky scams that try to trick you into giving your personal information to crooks

The latest internet scam out there today is referred to as Phishing. These are very sophisticated and highly technical scams that come in the form of all kinds of phony "companies" that pose as PayPal, AOL, eBay, Amazon and other familiar names. They usually tell you to respond to the e-mail to verify your information. The e-mail looks so real that you will follow their instructions, and when you do you will be giving them everything they need to use your credit card numbers, empty your bank accounts or steal your identity.



The high tech con artists have now kicked it up a notch. The latest phishing scam loads a program that steals information onto your computer when you simply open the e-mail. It's called a "Trojan Horse" virus, and it causes a mirror site to show up and replace the legitimate site when you call it up. People enter their information, thinking it is the legitimate site, and the crooks steal the information and more. So, anytime you go to the Web site of your bank or other site and you see the address suddenly switch to another site, do not enter any information. You have a Trojan Horse virus.

The best thing to remember here is that legitimate commerce companies will never ask you for information they already have, with the exception of your ID and password when signing on. Do not open emails that are unsolicited.


Email Phishing Scam Methods

  1. Subject Lines

    Phishing emails always have subject lines that appear to be genuine. The subject will seem legitimate because it relates to who the email claims to be from, and the content of the email will tend to corroborate it. The more interesting they can make the subject line the better. Their goal is to get you to open the email and read it. For example, subject lines like this: "!Important notice to all PayPal users!". It is also common for subject lines to use numerals or other letters in place of characters in an attempt to bypass spam filters, such as a capital "I" replacing "l". Some phishing emails will deliberately misspell key words to bypass spam filters, in ways most people would not notice when quickly glancing at the subject line.
  2. Disguised return email address

    It is very easy for the professional criminal to forge the sender's email address. There is no guarantee that the address listed as the sender's address is genuine. Phishing scam emails will normally have a false return address that looks like it is from the company the email claims to be from.
  3. Website Content and Layout is copied

    Many consumers are fooled into thinking an email is genuine because it has the bank's logo in it. Some phishing emails also have genuine links to the company's privacy policy and other pages on the legitimate web site. Phishing emails always seem to use images and text styles copied from the legitimate web site to fool the consumer into believing that the email is genuine.
  4. Hyperlink Manipulation

    Links within an email are deliberately disguised in another attempt to deceive the recipient. HTML emails may display a genuine URL, but when clicked on, the hyperlink will take the user to a different web site. For example, a link displayed as "http://www.win-big-bucks.com" may actually take the user to the web site the scam artist wants them to go to.

    The consumer needs to be very careful with these hyperlinks. Even if the legitimate company's URL seems to be in the web address, the link may not go to that site. These new hi-tech outlaws are very manipulative and are experts at deception.
  5. Forms (Surveys, etc.)

    The email may contain a form asking you to enter some personal information and send it to them. It can take many different forms to try to entice the consumer into giving up sign-on IDs and passwords or, worse yet, a person's date of birth, social security number, mother's maiden name or account numbers. These methods are used by the more complex phishing emails. Some amateur phishing emails may contain poor spelling and grammar, no images and may not even attempt to disguise the URL.

Web Site Phishing Scam Methods

The phishing scam will more often than not have a fake web site to add to the smoke and mirror magic they need to fool the consumer into believing they have been directed to a legitimate web site. The purpose of the web site is to trick consumers into thinking they are at the company's genuine web site, and into giving their personal information to the trusted company they think they are dealing with. This is very easy to do, and if the scam artists accomplish their goal they will be able to gather lots of information. The deceptive methods used to disguise a web site are numerous and here are some of them:
  1. Genuine Looking web site

    The fake web site will have copied text and images from the genuine site and the scam artist has no trouble doing this as it is an easily accomplished procedure. It is very easy to manipulate the web site to their advantage. Who wouldn't sign into their normal legitimate third party payment web site, or on-line banking web site? This is a scary situation if a consumer falls for this trick and furnishes personal information.
  2. Similar looking URL

    Some fraudulent web sites have domain names that are different from, but look similar to, the genuine site they want the consumer to believe they are at. Scam artists can manipulate the web browser to not reveal the URL line so you will not even be able to see what site you have signed onto. This is smoke and mirror deception in the hi-tech world and is easily accomplished.
  3. Web Forms

    The easiest way to collect information in web site phishing scams is to use forms on the fraudulent site. In many cases it will be the same form that is normally displayed on the genuine web site. This may be a form at a third party payment site, or a detailed form for verification of personal details such as date of birth, social security number, mother's maiden name or an account number.
  4. More on URL manipulation

    Some phishing web sites will display only an IP address in the URL field of the internet browser, so the consumer will only see numbers in the address bar. The hi-tech world today is so complex that most consumers do not realize that there are a lot of methods that can be used to deceive them. These can include JavaScript, HTA and some HTML, which can easily disguise address bars and even construct one that looks real but is only showing the consumer what the scam artists want them to see. Those are just some of the techniques that can mislead the unsuspecting and trusting individual. The consumer can disable ActiveX and JavaScript in the internet browser settings, but this will lead to a less enhanced experience on the world wide web, as many web sites use JavaScript and other ActiveX functions.
  5. Pop up Windows

    The web site that the consumer was routed to could also just be a bare pop up window with no address bar, tool bars, status bar or scrollbars. It will be opened in the foreground to display the fake webpage. This, of course, is designed as an attempt to mislead the consumer into thinking it is directly associated with the genuine page.
  6. Address bar manipulation

    This involves the placement of a text object with a white background over the URL in the address bar. The text object contains the fake URL, and this covers the real URL the consumer was directed to. Again, you can stop this by disabling ActiveX and JavaScript in browser settings. Most web pages utilize these tools and it could be impractical to disable them.
  7. Pop up Window

    This form of deception involves the use of script to open a genuine webpage in the background while a bare pop up window (without address bar, tool bars, status bar and scrollbars) is opened in the foreground to display the fake webpage, in an attempt to mislead the user into thinking it is directly associated with the genuine page. This method also utilizes scripts, and can be stopped by disabling ActiveX and JavaScript in your browser settings.
  8. Spy Ware and Trojan Horses

    Trojan Horses and worm viruses are sent as an email attachment, and if opened will install an attached software program. The attachment is a program that exploits vulnerabilities in Internet Browsing software that can force a download from the Internet. This file will download other files and codes, which when installed will run a fully functional Trojan virus.

    The Trojan Horse is designed to search for personal information, IDs and passwords, which many people keep on their computer. This information is then sent to a database to be used at any time by the scam artists.

    Spy ware, such as keyboard loggers, captures information entered at legitimate web sites, such as third party payment sites, and then sends this information to the scam artists.
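
The address tricks described under "Similar looking URL" and "More on URL manipulation", together with the character substitution mentioned for subject lines, can be screened for before a link is followed. This is an added example, not part of the original guide: it classifies a web address against a short list of sites the user really deals with. The trusted list, the look-alike character table and the sample addresses are assumptions constructed for illustration, using reserved example names.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the sites the user really deals with (reserved .example names).
TRUSTED = ("paypal.example", "bank.example")

def skeleton(host):
    """Fold common look-alike characters so similar-looking names compare equal."""
    host = host.replace("I", "l").lower()  # capital I drawn like lower-case l
    for fake, real in (("1", "l"), ("0", "o"), ("rn", "m"), ("vv", "w")):
        host = host.replace(fake, real)
    return host

def under(host, name):
    """True when host is name itself or a subdomain of it."""
    return host == name or host.endswith("." + name)

def classify(url, trusted=TRUSTED):
    """Return 'trusted', 'ip-literal', 'lookalike', 'embedded' or 'unknown'."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # lower-cased by urlsplit
    try:
        ipaddress.ip_address(host)
        return "ip-literal"  # only numbers in the address bar
    except ValueError:
        pass
    if any(under(host, name) for name in trusted):
        return "trusted"  # host is on the list; says nothing else about the page
    # Host as written (case kept), with any userinfo and port removed.
    typed = parts.netloc.rsplit("@", 1)[-1].rsplit(":", 1)[0]
    for name in trusted:
        if under(skeleton(typed), skeleton(name)):
            return "lookalike"  # differs from the real name only by look-alikes
        if name in url.lower():
            return "embedded"  # real name appears, but the host is elsewhere
    return "unknown"

# Constructed sample addresses (reserved names, documentation IP range).
SAMPLES = ["https://www.paypal.example/signin", "http://192.0.2.10/signin",
           "http://www.paypaI.example/signin", "http://www.paypa1.example/",
           "http://bank.example.verify-account.test/login"]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):10}  {url}")
```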


How to Avoid Phishing Scams

  • Be suspicious of any email with urgent requests for personal financial information. Unless the email is digitally signed, you can't be sure it wasn't forged or 'spoofed.'

    Phishers typically include highly reactive statements in their emails to get people to respond immediately. They typically ask for information such as usernames, passwords, credit card numbers, social security numbers, etc.
  • Don't use the links in an email to get to any web page, if you suspect the message might not be authentic. Instead, log onto the website directly by typing in the Web address in your browser.
  • Avoid filling out forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website. To ensure you're on a secure Web server, check the beginning of the Web address in your browser's address bar - it should be "https://" rather than just "http://"
  • Check your online accounts frequently by logging into them. In this case, frequently is a minimum of monthly.
  • Make it a routine to always check your bank, credit and debit card statements to ensure that all transactions are legitimate. If you see any suspicious charges or transactions, contact your bank and all card issuers for more information and guidance to correct the situation.
  • Make sure that your browser is up to date and that all security patches have been installed.
  • Always report "phishing" or "spoofed" e-mails to the following groups:
    • Forward the email to the Federal Trade Commission at spam@uce.gov
    • Forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com")

When forwarding spoofed messages, always include the entire original e-mail with its original header information intact. Notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website: www.ifccfbi.gov/.



© 2008 Fraudguides.com. All Rights Reserved.
This site is protected under both U.S. Federal copyright law and international treaties. No part of this site,
including text, layout or images, may be reproduced or copied in any form or by any method.