How to Avoid Phishing Scams


The online phenomenon of phishing — getting tricked through email into revealing your personal information to a scammer — has been around since the mid-1990s. But people still are getting caught, and phishers still are sending out their bait.

The word "phishing" is a relatively new coinage, deliberately meant to sound like "fishing" because bait is used to try to catch victims.

Here's how to avoid getting caught.

Phishing emails try to excite you or scare you into doing stupid things such as opening an attachment that loads malware onto your computer or clicking on a link that takes you to a fake website. The malware might spy on you, capturing your keystrokes to steal your login and password to your bank. The fake site might look just like your real credit card site, prompting you to type in your login and password.

If you see a message, "You've won a prize!" and you never entered that contest, chances are extremely high you're being preyed upon. If you see a message that your information has been stolen and you should "click here," chances are extremely high that you're being preyed upon. If you see a message that Microsoft has remotely detected a virus on your PC, chances are extremely high that you're being preyed upon.

Instead of clicking on a link or opening an attachment, use your web browser to go to the company's website, log in as you normally would, and check if you have any messages there.

If you're using a laptop or desktop PC, you can "mouse over" a questionable link to see what web address it will take you to. Phishers often use the correct web address as the name of the link but code the link to take you to the bogus address. If the two aren't the same, chances are extremely high you're being directed to a phishing site.

Be especially wary of web addresses that include the @ symbol or email messages that ask you to click on an image. You also should be careful when typing web addresses into your browser so a typo doesn't land you at a phishing site by mistake. Using a bookmark or favorite to navigate to the site will prevent this.
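The checks in the two paragraphs above (a link whose visible text names one address while the link itself points to another, an address with @ in front of the host, and a link that is only an image) are also what a mail filter can test for automatically. The following Python code is an added example, not part of the original column; the function names, reason strings and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a web address.
URL_TEXT = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)

class LinkCollector(HTMLParser):
    """Collect [href, visible text, contains_image] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = [dict(attrs).get("href") or "", "", False]
        elif tag == "img" and self._cur is not None:
            self._cur[2] = True
    def handle_data(self, data):
        if self._cur is not None:
            self._cur[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def host_of(url):
    """Lower-cased host of a URL; bare 'www.example.com' text is accepted."""
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()

def audit_links(html):
    """Return (href, reason) findings for one HTML email body."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text, has_image in parser.links:
        text = text.strip()
        if urlsplit(href).username is not None:
            findings.append((href, "@ before the host"))
        if URL_TEXT.fullmatch(text) and host_of(text) != host_of(href):
            findings.append((href, "link text names a different host"))
        if has_image and not text:
            findings.append((href, "image-only link"))
    return findings

# Constructed sample body (reserved example domains and documentation IPs).
SAMPLE = """<a href="http://login.example.net/verify">www.mybank.example</a>
<a href="http://www.mybank.example@203.0.113.9/">Account</a>
<a href="http://198.51.100.7/prize"><img src="cid:banner"></a>
<a href="https://www.mybank.example/help">www.mybank.example</a>"""
```

Calling `audit_links(SAMPLE)` reports the first three links and passes the fourth, whose text and destination share a host. The host comparison is strict, so text reading `mybank.example` on a link to `www.mybank.example` is also reported.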

Alternately, you can call and talk to customer support. Look up the company's phone number yourself rather than using a number provided in an email message.

Be careful on Facebook and other social networking sites. Scammers troll these waters looking for innocents to bait, tricking them into revealing financial information, Social Security numbers, mother's maiden names, and so on.

Keep your web browser up-to-date, whether you use Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, or any other. Modern browsers include some phishing protection.

Use security software that provides additional phishing safeguards, such as Norton Security. Alternately, you can use a free browser add-on such as McAfee SiteAdvisor. Though these protections aren't foolproof, they can warn you if a site you're about to visit is suspected of malicious activity.

Some tip-offs are more obvious. If a questionable email includes incorrect spelling and grammar, chances are it's from a scammer from abroad whose native language isn't English. If the email's "To" field is blank or if the salutation reads something like, "Hello, [blank]," chances are it's part of a mass emailing from someone more malicious than sophisticated.

You might be savvy enough to avoid the above mistakes. Make sure family members, friends, and coworkers are as well. Nobody wants to spend tedious hours trying to straighten out the mess after a scammer has stolen their identity. 

—Reid Goldsborough is a syndicated columnist and author of the book Straight Talk About the Information Superhighway. He can be reached at or