eBay users were recently asked to confirm their identity via emails that seemed to come from the company. And through a common technical trick, even the link in the email appeared to be a legitimate eBay URL.


Such phishing attempts have one thing in common: they masquerade as legitimate organizations and request your personal information. The thing to remember in thwarting such attempts is this: very few companies will email, text or call you for information they already have.


And yet, phishing has existed for almost 20 years. Why? Because it works.


The power of phishing is the context in which it reaches you. If you just purchased something from Amazon, it might make sense that the company would email you to log in and confirm your order. And if you got an email from Intuit to confirm a purchase of tax software that you in fact never ordered, it’s natural to want to correct the mistake.


In fact, tax season is hacker season. You’ve got taxes on the brain. So when you receive what appears to be an email from a legitimate financial institution offering you tax services at a discounted rate, or from the IRS itself, it’s not unheard of to fall for the trap. And many do.


To avoid this, NEVER engage in any kind of communication with the company via the email or text message that was sent. Don’t click on any links. Don’t use the email address they provide. And if their email includes a phone number, don’t call it. These are all ploys to lure you into thinking you’re communicating with the company in question, so the senders can trick you into providing all kinds of sensitive information, including your account number and password, Social Security number, credit card details and more.


Have you ever been lured into a phishing attack? Or are you too smart to be reeled in? What gave it away?


Let’s talk about it on Twitter or Facebook!