Phishing AttacksUnderstanding Online Scams

No one likes to be scammed. Not only do breaches of information and finances wreak havoc on personal lives, but a sense of violation occurs as well. Understanding what scams are and how they work prepares would-be victims with awareness and the knowledge to avoid — even stop — this criminal activity.

What is Phishing?

At core, phishing is criminal activity. In action, phishing is the fraudulent acquisition of sensitive information. Such items as Social Security Numbers, driver’s license numbers and credit card and bank account information fall into this category of confidential information.

Phone phishing or vishing (voice phishing) uses social engineering via the telephone system to access personal and financial information. The information then can be used to open new accounts or gain access to existing accounts with someone posing as you.

Interactive voice response (IVR) phishing recreates an organization’s IVR system to obtain access to sensitive information. Information gathered using automated customer inputs or voice conversation with a bogus customer service representative is used to gain financial reward for the fraudster.

What Do These Scams Look Like?

Typically, phishing scams work by inducing urgency and panic on the part of the victim. Warnings of fraudulent account activity, crashing computer issues or threats of loss often incite unknowing victims to click or verbally provide information to remedy the situation.


Fake emails that request information by means of the email or by a return phone call can gather passwords and other sensitive information. Unfortunately, these emails often appear to be legitimate. Required password inputs (often requested several times) route this personal information to scammers.

Falsely representing themselves as Intuit, Quickbooks and TurboTax, scammers request account updates, tax information, invoice payment and customer alerts, relying on your trust in these companies in order to defraud you.

Phone Calls

Phishing through phone calls often begins with an email or phone message asking the recipient to call a particular organization, perhaps to update information or receive earned rewards. However, the return call does not connect the victim with the business, but instead with a fraudster. Again, on the surface, these calls appear to be legitimate.

Using these phone calls, requests for updated account information, passwords, banking information and other sensitive information are dictated into the waiting ears of the scam artist.

IVR Systems

Typically, an email will request a call to an organization to verify information. The standard system then rejects the victim’s login attempts requiring multiple PIN or password entries, disclosing them to the fraudster. The system may even refer you to an imposter customer service agent for further information gathering.

How is Awareness Raised About These Scams?

Raising awareness about targeted scams remains difficult because the strategies and tactics of fraudsters develops right along with technology. As anyone surfing the web knows, truth-bearing facts do not always stand out from inaccurate information.

Public Awareness

Making the public aware of the existence of phishing scams helps put people on guard. Naiveté and trust are pitfalls in this sector. Ways to accomplish awareness include participating in fraud awareness week or month. These events are created to educate the public through leaflets, posters, brochures, software and more.

Creating Informed Users

Awareness must focus on creating informed internet and phone users. Learning to recognize inconsistencies and check information proves useful in protecting citizens. Alerting the public to agencies and internet sites that provide accurate information regarding scams and fraud protection helps to inform and protect.

Companies like Global Learning Systems offer courses to educate citizens about the risks of phishing and the kind of protections that are available.

Many businesses such as Intuit produce up-to-date lists of current phishing alerts. Giving citizens information about scams to watch for and guard against prepares the public for what might be waiting for them.

Reporting Phishing

Contacting organizations directly and reporting potential phishing attempts also helps to spread the word. Reporting directly to a company, to the Federal Trade Commission, and sometimes to local authorities raises awareness and brings about results.

Examples of Phishing Scams

In this day of technological advancement, there is no shortage of phishing scams. No sector of business seems to be excluded. For examples of phishing scams, check out websites such as APWG (Anti-Phishing Working Group).

Avoiding Phishing Scams

A few tips on how to identify phishing scams can keep us alert. Other reputable sites and courses, such as those through Global Learning Systems, provide more detailed information.

  • Watch for inconsistencies. When receiving emails or phone calls, consider the following information:
    • Do you know the sender or caller?
    • Does the email include attachments?
    • Is personal information requested?
    • Do links appear legitimate?
  • Be leery of a request for personal information.
  • Do not trust nor click on links within emails. Go directly to the company’s site using your browser.
  • View websites in plain text to identify URLs linking to other locations.
  • Use an organization’s customer service number. Do not trust numbers provided on emails or through phone calls.
  • Contact an organization’s security department to confirm the legitimacy of emails or phone calls.