What Is Phishing and How To Avoid It?

Where You Need a Lawyer:

(This may not be the same place you live)

At No Cost! 

 What Is Phishing?

Phishing is a scam by which an unsuspecting victim voluntarily gives some type of personal or financial information to what they think is an official institution or company with which the victim may already have some type of connection.

An example would be the mass emailing that took place in 2003. An email was circulated to a huge number of people that claimed to have originated from eBay. It informed the people who received it that their accounts would be canceled if they did not click on a link within the email and confirm some information.

When the recipients of the email clicked on the link, they were given access to what seemed to be an official eBay page that asked the recipient to update their credit card information.

In reality, it turned out that neither the website nor the email had been authored by eBay. Rather, it was sent by a phishing scammer who used it to collect the credit card information of thousands of strangers. While not all those who received the email took the bait, many of those who received it had an eBay account and thought it was a legitimate email from eBay. They provided their credit card information as requested.

How Do I Avoid Falling Victim to These “Phishing” Scams?

Here are some suggestions that will help a person avoid falling victim to phishing scams:

  • Be suspicious of emails: Legitimate companies tell consumers that they do not ask for sensitive financial information via email. So, if a person gets an email asking them to provide any kind of personal information, even if it looks perfectly legitimate, a person should disregard it. The more urgent the request, the more likely it is to be bogus.
    • A better approach is to check the company’s official website or contact customer service and ask if the email is legitimate. Frequently, a company quickly becomes aware of these phishing scams and can warn their customers about them.
    • Also, phishing email examples show that they have common characteristics, such as poor grammar, fuzzy logos and other graphics, and unusual website identifiers. Often, the strange email address of the originator is a dead give-away;
  • Never send confidential information in an email: A person can assume that a best practice for personal finances is not to send any confidential financial information via email. Emails are not as secure as we sometimes may want to believe.
    • Instead, a person should provide financial information through a secure website, such as one whose address begins with “https” instead of just “http.” Even then, a person should be cautious about what information they give away online and not give away any private financial information;
  • Use security software: In addition, a person should have security features on their computer that allow them to access websites within a security feature. This adds an additional layer of privacy. Nowadays, a person can access their bank account online and keep a close eye on it. If they should detect any activity that they do not recognize as their own, they can alert their bank immediately;
  • Use anti-virus software: A person should definitely use anti-virus security software on their computer and keep it updated. In a type of phishing attack known as malware phishing, the phishers send emails with attachments. If the recipient opens the attachment, it can inflict harm on their computer or install a tracking program that tracks the user as they “travel” to and use websites.
    • In some phishing attacks, the phishers can send malware that is capable of paralyzing entire IT systems. A person may receive training about phishing at their place of employment. They can apply the lessons learned at home as well.

Of course, these attacks can happen without the user’s knowledge. Sometimes, good security software can detect malware and disable it. Then, it can be removed.

What Happens When You Get Phished? How Long Does Phishing Last?

Some of the consequences a person might experience from phishing are described above. A criminal perpetrator may obtain a person’s confidential information such as credit card numbers, social security numbers, and other items. They might use the information to perpetrate theft of the person’s assets, including their identity. The security of a person’s computer might be compromised.

The consequences of phishing may last a long time. Or they might be short-lived. This would depend on the kind of phishing involved.

What Are Some Other Types of Phishing Attacks?

Some additional types of phishing attacks are as follows:

  • Whaling: In a whaling attack, the phisher may target specific people, so-called “big phish,” such as highly placed business executives and celebrity personalities. They gather information about the person both online and offline by researching their jobs and social lives.
    • They then use the information they have learned to formulate targeted attacks that may be especially good at penetrating the target’s computer security systems;
  • SMishing: The term “SMishing” comes from combining the words “SMS” and “phishing.” In a SMishing scam, the perpetrator sends cell phone text messages disguised as trustworthy communications from legitimate businesses such as FedEx.
    • They are more likely to trick people because text messages appear more personal than emails might;
  • Vishing: Scammers in vishing schemes set up fake call centers to trick people into giving them sensitive information over the phone. In many cases, these scams use social engineering techniques to trick victims into installing malware on their mobile phones in the form of an app.
    • They also trick people into calling them directly and then soliciting the information.

A person needs to use the same caution in dealing with unwanted “robocalls” that they apply to suspicious emails.

Are There Any Legal Penalties for Phishing Scams?

All states make it a crime to fraudulently acquire another person’s personal information, but only a minority of states have laws specifically targeted at phishing. However, even in those states that do not have specific phishing laws, other criminal laws apply to phishing activity, e.g., fraud, theft, computer crimes, and identity theft, meaning the activity is a crime in every state. States without these laws may also adopt phishing laws as the crime becomes more common.

While phishing is addressed by laws in every state, there is no single federal law that explicitly makes this type of activity criminal. However, there are other federal criminal laws that apply to phishing and other identity theft crimes as well. For example, because phishing involves solicitations that are usually sent over the Internet, the federal law against wire fraud is often used by federal law enforcement to charge phishing crimes.

What Are Some Legal Issues to Consider in a Phishing Lawsuit?

Of course, if a phisher should succeed in stealing a person’s assets, the victim could sue them in a civil lawsuit for fraud, civil theft, and other possible civil wrongs. The victim could recover damages to compensate them for their losses. This is not in question.

The problem is going to be identifying and then locating the phisher. Often, phishing scams originate in foreign countries. Perpetrators are experts at hiding their identities. Identifying the phishers and then locating them geographically could be difficult, if not impossible. Additionally, bringing them to justice in the U.S. legal system might prove to be quite challenging as well.

It might be better for a person to be diligent about protecting themselves from phishing and other computer and phone scams. They should also make sure to have good, up-to-date protective software in place on their home computer system.

The Federal Trade Commission (FTC) takes reports of identity theft at IdentityTheft.gov. They can also find resources that help people recover from identity theft. The site offers advice as well as resources such as checklists and sample letters to use in communicating with companies about identity theft. To report phishing scams and frauds, consumers can visit reportFraud.ftc.gov.

A person can purchase identity theft insurance and submit a claim if they are victimized.

Do I Need a Lawyer for a Phishing Problem?

If you learn that you have given out private financial information to what later turns out to be a “phisher,” the first thing you should do is contact your bank and credit card companies to let them know and to monitor any transactions made on the card or account to which the phisher may have access. You may also want to file a complaint with the FTC, so it is aware of the extent of the scam.

In addition, if the identity of the “phisher” is found, you may want to consult a fraud lawyer. Your attorney can let you know if you may be entitled to any money damages in a lawsuit against the “phisher.” Your lawyer may also be able to direct you to other resources and help you file a claim with your identity theft insurer.

Law Library Disclaimer


16 people have successfully posted their cases

Find a Lawyer