What is phishing?

Phishing (pronounced 'fishing') is an online version of identity theft, normally through the form of email fraud or fictitious websites. The recipient usually receives an email purporting to be from a legitimate business e.g. PayPal, eBay or banks etc requesting the user to update/ verify personal information online. Information requested may include password, credit card number, account number, personal identification number (PIN) etc which the legitimate business already has in its records.

The emails appear to be legitimate because the senders use logos and links from the actual website, however, the link to update the user's information points to a spoofed website resembling the actual site.

Following are sample emails sent in the PayPal phishing scam:
1. Confirm Your Information!
2. YOUR PAYPAL.COM ACCOUNT EXPIRES

How can I find out if it's a fraud?
Legitimate businesses will not request that you reveal such sensitive information. If you receive such a request, visit the business' website by typing the main URL e.g. http://www.paypal.com or call their hotline for clarification.

How can I protect myself from Phishing attacks?
1. Never follow a link that asks you to enter personal information.
Links in an email may be disguised to take to you to an illegitimate website. Instead, you should go directly to the company's website by searching or typing the company's URL to ensure authenticity.

2. Do not reply to an email with your personal information.
You will only be sending this information directly to the perpetrator.

3. Do not download any attachments
Attachments may contain viruses or spyware that can be embedded into your computer.

4. Ensure the email is addressed specifically to you.
Often times, fraudulent emails are sent out in bulk and are addressed to generic terms such as customer or client.

How can I find out more information about phishing?
The following sites provide more information on phishing:

1. Anti-Phishing.org
2. Phishing Alert
3. Phishing