How Phishing and Spam Go Hand in Hand
Anyone with an email account will agree that spam is a huge problem. Despite new technology and state-of-the-art filters, these junk messages still manage to find themselves in your inbox. A good portion of spam messages are delivered by legitimate companies and regular people looking to market themselves with a product or service. However, many of them aren't so innocent and pose a great threat to your personal data. That spam message might not be an advertisement at all, but a virus, or even worse, a phishing scam.
The Basis of Phishing
Although the instant messaging system has also been abused, most phishing scams originate via email in the form of spam messages. On first glance, these messages appear to have been sent by legitimate companies, perhaps someonewith whom you have a business relationship. This could be your ISP, financial institution or credit card company. Some of the most prominent commercial companies have been used in phishing scams including PayPal, eBay and Wells Fargo. More recently, con artists have reached a new low by initiating scams targeting the families of deceased Army soldiers.
Most phishing emails ask that you verify or update your account information. Some will attempt to alarm you, stating that an unauthorized party has attempted to access your account or that the account will be terminated if you don't respond with the requested information. These emails tend to look very genuine and usually contain forged logos and proprietary materials. A phishing email typically provides a link which directs you to a fraudulent website, where you are encouraged to enter personal information.
If you happen to follow a link in a spam email, never provide credentials such as your password, phone number or address. When conducting business on any website, you can check their legitimacy by looking for a "lock" icon in the browser address bar. By clicking the icon, you can view their digital certificate and learn when it was issued and when it expires. Another indicator is a URL that reads "HTTPS" opposed to "HTTP." However, neither indicator is considered 100% accurate as criminals have even learned to forge security icons. The best advice is to never click on any link in a spam message, especially one that strikes you as suspicious.
If you receive a suspicious message or an obvious scam requesting your information, you can join in the fight against email scams by forwarding it to the FTC at: firstname.lastname@example.org Make sure to include the complete header of the message along with all the routing details. This will help the according department investigate the matter and hopefully track down the sender. You can also report phishing emails to the Anti-Phishing Working Group at email@example.com . A number of security vendors, a consortium of Internet Service Providers, law enforcement agencies and financial institutions all use these resources to report deceptive spam and phishing.
If you feel that you have already given away personal data to a con artist, file a complaint on the FTC website: www.ftc.gov From there, you should visit their Identity Theft website: www.ftc.gov/idtheft Here you can http://www.ftc.gov/idtheft.learn how to minimize the potential damage of identity theft.