A year or so ago, I got a somewhat confusing email from Stripe, an online payment processing company. Stripe processes the majority of the purchases made on my online shop, where I sell ceramics. I mostly forget that the company exists; someone buys a mug, Stripe sends me the money. It’s mercifully easy—almost too easy. Which is why I was a little confused that they were emailing me, with the request that I “verify” my bank account number. I clicked the link, signed into what looked like my Stripe account, maybe gave some security information, and then immediately got an email asking me to verify my Gmail account because someone else was trying to log in on a different computer.
A lump grew in my throat. I’d been conned. More specifically, I’d been phished.
And it had nothing to do with the band. Phishing is a variety of scam that usually entails an email or text message from someone masquerading as a trusted company, alerting you to suspicious activity or asking you to confirm personal information. According to the FBI, Americans have lost up to $30 million a year from phishing scams alone.
phishing, noun \ ˈfi-shiŋ \: a scam in which someone poses as a trusted party in an attempt to gain access to a user’s sensitive information such as credit card numbers, email addresses, or passwords
Once I realized that I’d been phished, I immediately changed my Gmail password. I contacted Stripe support, who confirmed the scam and assured me I wouldn’t be losing thousands of dollars. I got off easy. I looked at the original email and wondered how I’d been so gullible.
One of the most challenging things about phishing emails and messages is that they can come in a wide variety of forms, says Zinaida Benson, an IT security expert who teaches computer science at Friedrich Alexander University in Germany. The most common example of phishing, she says, “is sending people an email with a link on behalf of a company, such as a bank, or PayPal, or Amazon, or other online portal. The link asks them to enter personal information (user name, password, credit card details) under some false pretense.”
That pretense could be account verification or asking you to approve an expensive purchase you did not make.
“The scammers hope that people will panic and click before they can think rationally,” Benson explains, “or that they just believe what the email says.” If the phishing is successful, the victim’s credentials “are transferred to criminals, who can later sell them to other criminals, or use them themselves to transfer money from accounts.”
Here are some tips for how to stop a phishing scam.
It’s generally unlikely that a large, trusted company would ever ask you to verify a password or sensitive information over email. But, as Benson says, many companies do send links to their users quite often, for example PayPal and Amazon. Therefore, evading this type of scam can be very difficult if it is well made. Her best advice? “The best defense here is not to follow a message that asks you to ‘do something quickly, or else!!!’” What she’s saying is never go to a second location. (Good advice that can really apply to many things!)
If you’re worried that you’re staring at a phishing email, the best course of action—aside from not clicking any links in that email!—is picking up the phone and calling the customer support number of the company you’re allegedly receiving this email from. They will be able to let you know whether the email is real or phony. And if it is a scam, you can help them look into the issue, and maybe even prevent phishing scams in the future.