First let me answer the question, "What is a phishing scam?" A phishing scam is an email or other online communication (such as through Twitter), usually about a credit card or bank account, that appears genuine but is actually fake. It’s an attempt to steal your passwords so that people can transfer money out of your bank account, charge things to your credit card, etc.
It should go without saying that this sort of activity is highly illegal. Unfortunately, it’s also very effective. On the plus side, phishing scams are easy to identify and avoid.
The Most Important Thing to Remember:
No legitimate bank or credit card company will ever – EVER – contact you via email or other electronic means and ask you to log into their website to verify your information or change your password. Do not ever – EVER – enter a bank or credit card company’s website through an email that you aren’t expecting. If there is a genuine problem with your account, the bank will contact via a physical letter through the post office or they will call you on the phone.
If you receive an email from a friend or loved one about one of your accounts, call them to verify the request. It’s possible their email account has been hacked.
The point is simple: Be paranoid about your online accounts, and never trust unexpected emails about your accounts.
Take the time to find and bookmark the websites for your online accounts. If you receive an email about an account, use your bookmarks to log into your account. Do not EVER click on a link in an email about an online account. Once you’ve logged into your account, and you know it’s safe because you were smart and used your bookmarks, check to see if you have any unread messages, look at your balances, etc. If you see something wrong, call the bank.
A couple of exceptions you should keep in mind:
You quite likely receive monthly emails from your bank that tell you a new online statement is ready. These email are almost certainly safe because they never mention a problem with your account. Still, be extra safe and use your bookmarks to log in rather than clicking a link in the email. Many banks have stopped including links in these monthly statement emails, largely as a precaution against phishing scams.
If you’re creating a new account or resetting your password, you can expect a handful of emails related to those activities. These emails should also be safe because they’re being sent because of something you yourself are actively doing with your online account right at that moment.
Parting tips:
Be aware of things that are obviously out of place. For example, there have been a few phishing scams spread through Twitter that look something like this: "LOL, is this U in this video?!?" But when you click on the link you’re taken to a site that asks for a password. Do you have any online financial accounts that are related to funny video? I doubt it.
Look for links that contain random letters, like dsxjkfuw.com. Domains like this are frequently phishing sites that should not be trusted.