How to Catch a Phish in Your Inbox

Physician's Money Digest, May 2006, Volume 13, Issue 5

BetterInvesting

Of all the forms of identity theft,phishing e-mails are the mostcommon. Such seemingly authentice-mails seem to come from legitimatesources, but in fact are a crook's slyattempt to lure bank account information,full names, Social Security or driver'slicense numbers, and passwords out ofyou. Armed with your personal information,a thief can easily steal your identity, ata cost of thousands of dollars. According to, the following are three ways to spot a phishing scam:

•Emphasis on urgency. With threats of unauthorized transactions, loginattempts, and username/password changes, phishing frauds try to convince you torespond immediately, or else. Other ploys include making threats that an accountwill become deactivated if vital information is not updated at once.

•Phony Internet links. You receive an authentic-looking e-mail, click on thelink "www.paypal.com," and are directed to a page that looks just like PayPal. Butbefore you type anything, make sure the URL is real. On occasion, a legitimatecompany name is part of the URL, but a different subdomain is imbedded withinthe address. Oftentimes it ends with an international domain, such as"www.changeinfo.paypal.nl." Other deceptive measures include linking Web usersto spyware, programs that allow criminals to monitor your computer sessions andcapture vital information, or download a virus.

•Suspicious content and language. One of the best ways to spot a phishingattempt is to read the e-mail aloud. If the language sounds odd or awkwardand the writing contains incorrect usage and spellings, chances are that the e-mailis a fake. Phony letters also begin with a generic greeting such as "Dear BankCustomer," rather than addressing an individual.