For a brief overview of Spoofing, click here.
Phishing is a play on the word “fishing.” In this case however, you & your personal information are the "fish" and the bait is look-a-like emails and webpages, or other mediums, that look like they are from a trusted source (banks, credit card companies, etc.).
The act of forging an email or other message to look like it is coming from someone that it is not is called "Spoofing."
Phishing is one of the most common scams, and many people fall victim to it. It is important to know how to detect a phishing attempt so you can protect yourself from it.
Phishing attempts may often look almost identical to the legitimate webpage or email, but there are clues you can look for when trying to decipher if an email or webpage is the real deal.
It is easy to spot crude phishing attempts. The grammar and spelling will generally be poor. The formatting and styling will probably obviously not be what it claims.
The worry is when it comes to good phishing attempts. The ones that look and sound like a legitimate email or webpage. For these finely crafted scams you need to look beyond the surface. You’ll need to look at the true address of the links inside the page. You also need to be aware of what a realistic time would be for someone like your bank or social media sites to send you a notification message and the kind of information that they might ask you for.
To view the real address of a link simply hover (don't click) over the link. The real address will appear in either a popup or at the bottom of the web browser. You can also right click on the link and select "Copy Link Location" then paste it into Notepad or Word.
On newer mobile phones, the "hover" can be simulated with a long press. Long press links to check them before clicking them to see if they go where you think they should.
The best way to protect yourself is to be vigilant. If you receive a suspicious email from someone you know, contact them and ask them if they sent it. Never go to any login page from a link you got in an email unless you are absolutely certain it is safe - ALWAYS verify the domain part. In these examples, "socota.com" looks close enough to scotia.com - a glance might not show you the danger! No administration anywhere will ask you for your password. Never give out any information of any kind unless you are completely certain it is safe to do so. Do not go to a webpage from a link in an email, especially places where you input sensitive information. It is always best to type the address into your browser yourself.
Many browsers and email clients also have anti-phishing add-ons or anti-phishing capability built into the application. This however, should not be considered completely secure. Scam attempts can and do penetrate these barriers.