What Is a Phishing Scam?

Since the popularization of the internet, good and bad actors have been designing ways to help and hurt users. As an industry leader in web design and digital marketing, we at D4 Advanced Media have worn our white hat for many years. Still, bad actors, also known as black hats, have become increasingly successful at manipulating users to divulge personal and professional information that is later used against the users. In this article we explain what phishing scams are, what information the criminals typically solicit, which organizations the criminals claim to represent and how to protect yourself and your business against these digital attacks.

What Are Phishing Scams?

Phishing scams typically take the form of fraudulent emails disguised as legitimate emails. The spectrum of criminals perpetrating these attacks varies greatly. Some of them use poorly crafted tactics that are easy to spot while others use sophisticated technology to urge users to give up private information. These criminals commonly use users’ private information to commit identity theft. Other criminals will solicit direct monetary payments in the emails in exchange for preventing the user’s site from going offline or the user’s account from being deleted.

Phishing scam identifiers graphic

One commonality shared by most phishing attacks is the goal to create a sense of urgency for the user to divulge private information. Criminals use phrasing designed to make users leap before they’ve looked. A non-exhaustive list of such phrasing includes:

What Information Do Criminals Solicit Via Phishing Scams?

Phishing scams will directly solicit your private information in the body of the email or they may also ask you to click a link that directs you to an information collection form of some kind. Criminals may ask you for pieces of identifying information such as:

• Name
• Birthdate
• Username
• Password
• Social security number
• Home address
• Debit card number
• Credit card number

NEVER click the links in these fraudulent emails and NEVER reply to them. Simply clicking a link in a fraudulent email may be sufficient for the criminal to plant malware on your computer. Once malware has infected your system, it can extract private information from your online transactions unbeknownst to you.

Which Organizations Are Criminals Claiming to Represent?

Criminals may target single individuals and organizations, or they may cast a wider net designed to appeal to general users. Be aware that because it is common for users to voluntarily display personal information such as name, location and occupation on the internet, criminals may use this information to create the appearance of legitimacy. Some popular companies and organizations that criminals claim to represent include the following.

• Amazon phishing scam
• Apple id phishing scam
• Bank of America phishing scam
• Facebook phishing scam
• Gmail phishing scam
• Google phishing scam
• Hulu phishing scam
• IRS phishing scam
• iTunes phishing scam
• Netflix phishing scam
• Paypal phishing scam
• Wells Fargo phishing scam

This list is by no means exhaustive. During this digital age we’re living in, criminals can easily gain information about the places you frequent and organizations of which you are a member. Consider how much a bad actor can learn about you just from your social media accounts.

How Do You Protect Yourself & Your Business Against Phishing?

Know that reputable organizations will NEVER solicit private information or payment information via email. Use the following tactics to protect yourself and your company from phishing scams.

  1. Move suspicious emails to your email account’s trash bin WITHOUT clicking any links inside it. Then permanently delete the email from your trash bin.
  2. Some popular email services such as Gmail allow users to report emails suspected of phishing (see right).
  3. The most valuable rule of thumb we recommend is to exercise common sense and a little bit of restraint. If you aren’t sure if an email is fraudulent, open a new browser window and locate the contact information for the organization. Call the organization and ask if they did indeed solicit something from you.

D4 Advanced Media offers website maintenance and security for $165 per month. We custom-tailor these plans based on the complexity of your site and what features it offers your customers.

Investing in site maintenance services upfront will help you avoid getting your site hacked and the corresponding damage-mitigation costs. If you believe that your site has been hacked or that you or your organization are being targeted by digital attacks, D4 Advanced Media can help.

Contact us, and we’ll develop a custom maintenance and security plan that best suits you and your site’s needs.