Phishing is just a pun on the word fishing as the scammer is trying to fish for sensitive data like login details using a bait such as a forged email formatted like the ones sent by a legitimate organization as well as a fake website designed to look exactly like the real one.
How does phishing work
Most commonly a phishing email would be designed to look like it came from a bank. This phishing email is designed to scam the recipient into revealing private info like their internet banking login credentials. This is achieved by sending an email that is formatted just like the one that the bank would normally send to their users. The only difference would be that a link embedded within that email is not the normal URL for that bank’s website. There might be a slight spelling difference in the domain name which eagle-eyed users and the tech-savvy users would notice straightaway. When an unsuspecting recipient clicks on that link, they would be taken to a decoy website which would be made to look exactly like the real deal. Once the user enters their login details on that website, the bad guys would now have the login details necessary to steal money from the real bank website.
Unfortunately, the most common folks who would fall prey to this type of scam are retirees or older folks who are more easily swayed when an urgent email, purportedly to be from their bank, announced that they must login to verify their details or their account would be closed. Once the recipient is in panic mode, all caution would usually be throw into the wind and the scammer will get what they came for.
How to avoid being phished
Educating online users is the key to stopping this menace which is why many banks and other financial institutions are now sending reminders to their customers not to respond to request for login info via emails or other online media.
Users should also be reminded to not click on links in emails especially when dealing with sensitive websites like banks. It is always best to key in the URL yourself in your browser or bookmark it in your browser. This way, you can always be sure that you are actually surfing the bank’s website.