Phishing (pronounced “fishing”) has become a large part of the email spam problem that is plaguing the internet today, but is more dangerous than standard junk mail. The term comes from its similarity to catching a fish. First, you leave out some bait and wait for an unsuspecting victim to take a bite. Once the victim has bitten, you steal away valuable information from them that will allow you to commit identity theft or other crimes. Terrible, huh?

The challenge with phishing is that it’s often very difficult to distinguish from legitimate email. These emails typically resemble those that would come from a financial institution or credit card company that you have an account with. For example, you might get an email from support@wamu.com or help@ebay.com stating that your account might have been compromised in some way and that the company needs some personal information (such as social security number, drivers license, address, etc.) to verify everything is ok. They will typically ask you to either reply directly to the phishing email, or click on a link that will take you to a site that looks exactly like the financial institution’s site, but will be a trap to get your information.

It is very easy to spoof emails from other addresses and create websites that look like wamu.com or ebay.com, but aren’t. What you should be aware of in helping to discern the legit from the fake is:

  1. Misspelled words (if you see typos and grammar errors, it’s probably bogus).
  2. A URL in your browser’s address bar (or at the bottom of the browser when you hover over a link in the phishing email) that doesn’t match the official company’s web address completely (i.e. wamu.com vs. wamu.othersite.com).

In the end, it is encouraged that you never click on a link inside of an email. Instead, go directly to the website of the email's source. I.e. instead of visiting a link in the email from support@ebay.com, just type www.ebay.com in your browser and log in from there. If you get an email that says your information has been compromised, just visit the business's website directly and find their phone number so you can confirm if the email was legitimate. It's better to be safe than sorry.