How to Avoid Phishing and Scams

Phishing is the slang term for using email to get people to divulge their personal information so it can be used to steal their idenitity.  Con artists use phishing emails to literally "fish" for information that they can use to illegally access bank accounts and open credit card accounts.  In the past this scam was condicted over the phone - that's where the "ph" inphishing comes from.

Here are two obvious phishing emails in my mailbox that I thought I’d share with you as examples of Phishing. 

For some reason Best Buy decided to offer me not just a $500 gift card but also a $1000 gift card this morning.  Here are the emails I found:
phishingscam01

Look a little familiar?  You’ve probably seen similar emails before.  If you haven’t you’ll see them sooner or later.  These emails were sent out by a scam artist who wants to get some of my personal information.  Here’s what the email says:
phishingscam02

It says I’m eligible for a “FREE $1000 Best Buy gift card” so I better hurry up and click on the link to find out how to get it right?
If you click the link here’s what happens:  You get redirected from the original link listed above to another site that looks like this:
phishing scan 03
In case you were wondering here’s what the real Best Buy Gift Card website looks like:
phishing scam 04

The first thing you should notice about the links in the email and the website is that the addresses are obviously not “Best Buy” websites.
The link in the email:  http://cangetoffer.info:8080/track?m=2181132&l=0&.e=1duZ6mYb0JZzh94rzV
The link I was redirected to:  http://www.myeliterewards.com/index.php?cmd=rotator&crid=109&iid=38&caid=443&subid1=3810
The actual Best Buy address:  http://www.bestbuy.com/site/olspage.jsp?id=cat16188&type=category&DCMP=KNC-TLC&ref=25&loc=GIF
The first hint that this is a scam was the fact that “It is too good to be true”  The second hint is the web addresses are bizarre compared to the actual Best Buy address. 
The fake Best Buy website can be convincing.  For example, at the bottom of the page they have some pretty convincing links to a “Privacy Policy” and “Terms” but on these pages you can find a third hint that this is an illegitimate offer.  At the bottom of the official looking “Privacy Policy” is this address:

phishing 05

A quick Google search for that address led me to a link to a website calledhttp://www.flimflam.com, specifically:  http://www.flimflam.com/scam9.htm You’ll find that according to http://www.flimflam.com/ the address for “MyEliteRewards” has been used in email scams since 1997.   
So, just out of curiosity, what happens if I do type in my email address and “Click Here to Submit and Continue”
phishing 06
Then you'll be redirected to this site:
phishing 07

Looks legitimate but its not.  The whole goal of email phishing is to get your personal information.  This webpage is what everything else was about.  If they can get you to share your address and phone number and other personal information they can start to collect the elements they need to steal your identity.  Please note that this is not a Best Buy website and that their logo as well as the logo for FedEx were stolen to make this webpage.  Everything you're seeing in the image above is fake.
(For a more detailed definition of phishing and even some history here is a link to a Wikipedia entry:  http://en.wikipedia.org/wiki/Phishing)
By the way, students and teenagers are prime targets for this kind of stuff.  Many of them can be easily tricked into revealing lots of personal information online with the promise of a free video game or a chance to win something.  It was estimated that ½ a million children had their identities stolen last year. Here is more information about Child Identity Theft from OnGuardOnline.gov
And, of course, there is a government website that you can go to for more information about online scams:  OnGuardOnline.gov
Below is a video about Phishing Scams in case you'd like some more information:
PRACTICE ACTIVITY:  Try deleting all the phishing offers from your email inbox today.  Don't even bother opening them.  If you're in a school or business network you might want to ask your network administrator if they have a special address they'd like you to forward phishing emails to so they can block them.  

TO KEEP ON LEARNING:  To learn more try searching the internet for:

Try this Online Phishing and Spam Quiz
phishing scams
email scams
Identity theft