This practice is sometimes referred to as "phishing" — a play on the word "fishing" — because the fraudster is fishing for your private account information.Typically, fraudsters try to trick you into providing your user name and password so that they can gain access to an online account.Phishers are becoming more and more sophisticated in designing their phony websites, follow these steps if you think you've been phished.There's no surefire way to know if you're on a phishing site, but here are some hints that can help you distinguish a real website from a phishing site: Check the Web address.Fraudsters often sign up for free email accounts with company names in them (such as "[email protected]"). Fraudsters often include urgent "calls to action" to try to get you to react immediately.Be wary of emails containing phrases like "your account will be closed," "your account has been compromised," or "urgent action required." The fraudster is taking advantage of your concern to trick you into providing confidential information.The tips below can help you avoid being taken in by phishers.
A phishing website (sometimes called a "spoofed" site) tries to steal your account password or other confidential information by tricking you into believing you're on a legitimate website. It's easy for phishers to create websites that look like the genuine article, complete with the logo and other graphics of a trusted website.Be wary of other methods to identify a legitimate site.Some methods used to indicate a safe site can't always be trusted.A small unbroken key or locked padlock at the left of the URL bar of your browser is not a reliable indicator of a legitimate website.Just because there's a key or lock and the security certificate looks authentic, don't assume the site is legitimate.If you enter a fake password and appear to be signed in, you're likely on a phishing site.Do not enter any more information; close your browser.Be careful if you're sent to a website that immediately displays a pop-up window asking you to enter your username and password.Phishing scams may direct you to a legitimate website and then use a pop-up to gain your account information. If you not sure if a site is authentic, don't use your real password to sign in.Typing the correct URL is the best way to be sure you're not redirected to a spoofed site.If you receive an email from a web site or company urging you to provide confidential information, such as a password or Social Security number, you might be the target of a phishing scam.