Phishing uses the name of a trusted entity – often financial institutions – to get sensitive personal information such as passwords and credit card details via bogus email or texts.
“Scam or phishing emails typically have one of two strategies: fear or greed,” Jonathan Penn, Director of Strategy at security software firm Avast, told Fox News. “Fear includes email notifications that your account has been locked, there are charges that you didn’t make, or just that there’s been suspicious activity you need to check. Greed includes notifications about free gifts, trips, or gift cards; stock advice or debt consolidation or financial advice."
Phishing scams are often presented as a call for immediate action. That should always be a tip off.
“Consumers should remember that urgent requests for personal information or call for immediate action are almost always a scam,” a Bank of America spokesperson told Fox News.
Needless to say, never click on links inside suspicious emails. Here are five of the most common phishing strategies.
Your account has been disabled or suspended
This arrives as an email or text that claims a user's account has been or will be locked, disabled or will expire and asks for login credentials.
A very recent example is an Apple text/email phishing scam that states: “Your Apple ID is due to expire today.” This is one of the more sophisticated scams since it contains no glaring grammatical or spelling errors, a frequent failing of scams.
AppleID's do not “expire” and the malicious URL, in the case, does not point to a real Apple domain.
Irregular or fraudulent activity detected
This scam poses as a "security" update. The scammer will claim fraudulent activity has been detected on your account or your account has been subjected to a “compulsory ‘security update’ and you need to login to enable this security update,” Symantec, an Internet security company, told Fox News.
Tip: If a login link is provided, it's invariably a scam.
Online retailer scams
With the holiday season just around the corner, these scams have the potential to be effective because they can appear as relatively innocuous and appeal to greed rather than fear.
One that has increased over time is fake orders associated with Amazon. “If you received correspondence regarding an order you didn't place, it likely wasn't from Amazon.com,” the tech giant wrote on a customer-help page on its website.
While not technically phishing, fake pop-ups are an old trick and still widespread.
The ultimate net effect can be similar to phishing if the scammer gets you, in the end, to provide sensitive information.
"The scammer will typically attempt to get the victim to allow remote access to their computer," said Malwaretips. "After remote access is gained...the scammer relies on confidence tricks...in order to gain the victim’s trust to pay for the supposed 'support' services, when the scammer actually steals the victim’s credit card account information."
While not necessarily one of the largest scams, one that is increasing in popularity is tax-themed phishing.
Themes range from updating your filing information to CRA or the IRS warnings that you owe money. “One thing that’s for sure is that the CRA and IRS doesn’t communicate via email or text message, they still send snail mail,” Symantec told Fox News.
For detailed information on email security threats, see this Symantec Internet Security Threat report issued this month.