According to the experts from PMI Education, phishing is a prevalent method of online identity theft. In its most common form, victims receive email messages mimicking official messages from banks, credit card companies and other online businesses. These emails are often incredibly detailed and difficult to differentiate from the real thing.

In these “spoofed” emails, the phisher asks for your personal information. For example, a fake email from your bank may say that your account has been dormant for too long and they are going to cancel your account unless you provide your account number and other personal information to prove that you are an active account holder. An even more devious version might involve a message stating that your account has been hacked and that they need your account number and information to close the account so that the criminals can’t withdraw any funds. Because these spoof emails look so real, thousands of people have fallen victim to phishing scams over the years.

Here are the steps of a phishing scam:

• Planning: The scammer identifies a business to target. Using various illegal techniques they obtain email addresses for the customers of that business. This ensures that the victims will be familiar with the supposed email sender.
• Setup: After obtaining the email addresses, the scammer designs an email mimicking the style of the chosen business. This includes logos and official letterhead. As mentioned earlier, many spoof emails are nearly identical to the real thing.
• Attack: The scammer sends the message out to the chosen recipients. Unwitting customers enter their information into the popup window or dummy webpage the email directs them to.
• Collection: The scammer gathers all the personal information gathered by the popup windows or webpages.
• Theft: Some scammers are only looking for a quick score. They’ll use the information they have collected to make a flurry of online purchases and then move on to the next phishing campaign. Others will use the information to commit identity theft, which can be very difficult to track and causes significant damage to individuals.

The most important thing to remember is that your bank will NEVER ask for your personal information via an email. Likewise, other reputable online businesses won’t send you emails asking for bank information. If there is ever any doubt, call the business that allegedly sent you the email to verify it was legitimate. One quick method for spotting a dummy URL link in an email is to position your mouse pointer over it without clicking it. This will reveal the actual URL, which will be a dummy site in the case of a phishing scam. Read the URL carefully, because often the difference will be minuscule. For example, First Security Bank could be spelled slightly different in the spoof URL, such as firstsecurritybank.com or firstsecurebank.com.

By installing an effective antivirus system on your computer, you are taking the first step to protecting yourself from phishing scams. Also make sure your computer has an activated firewall. Beyond that, you should always be on your guard. Scammers are increasingly adept at their trade and if you aren’t careful, it is easy to fall victim.