PhishingYour teens may be much more savvy when it comes to navigating the Web and mastering new technology, but they may not always be aware of the dangers that come along with online activity. Phishing is a type of internet fraud sent via email in an attempt to deceive users into sending or entering login information. In this scenario, scammers send emails from official-appearing email accounts or link the users to websites copied from the original. From there, they attempt to capture login information for any number of popular online services, such as ebay, Facebook and online games such as World of Warcraft. The Anti-Phishing Working Group reports that 72,758 phishing attacks were launched in the first half of 2013.

You can’t watch over your teen’s every move online, but you can arm them with valuable information to protect himself against this type of fraud. Keep an open dialogue with your teen and encourage him or her to come to you with any suspicious behavior. Educate them on these signs of a phishing scam.

Red Flags

Some phishers don’t put a great deal of effort into making fraudulent sites looking legitimate. According to the U.S. Securities and Exchange Commission, the fraudulent site’s URL or email address won’t appear correctly. It may have letters added, extra symbols such as hyphens, or substitute numbers for letters, such as 1 for a lowercase L. Look closely before clicking through. If you do click a URL through your email, look for a secure lock logo in the address bar or a https at the beginning of the URL to denote a secured login form.

On the other hand, some phishing sites look identical to the legitimate sites they copy. They even send emails with official-looking logos and URLs from a bank you trust or other financial institution or organization you use regularly. Check out this example of a phishing scam that can almost pass for legitimate. So how do you know what and who to trust? Online marketing consultant Casey Cheshire recommends keeping an eye out for these red flags:

  • If a bank asks you to “verify” something over email, it’s a major red flag. A legitimate financial institution will never ask you to verify or confirm anything through an email or link.
  • You know that site key image you chose when setting up your bank account? Pay attention to it. If you don’t see a site key, it might be an insecure URL.
  • If you don’t recognize the destination URL, it’s probably not legitimate. It might have your bank name in it or even have a .com domain, but look for little differences that you don’t regularly see on the actual bank page.
  • Something as simple as a grammar mistake can give up a phishing email. If you look at the example from earlier, there were several spelling and punctuation errors that would not be in official bank correspondence.

Digging Deeper

Sometimes scammers go above and beyond to make their emails look legitimate. The URLs may appear right, and it may even come from the right email address. However, when you teach your teens to look a bit deeper, the scam becomes apparent. CBS Money Watch recommends skipping over any links in an email, but if your teens insist on clicking through anyway, tell them to hover over the URL before they click. It reveals the actual address they’re going to in the browser, instead of the address it looks like within the email. A scammer may link a legitimate-looking URL to a bogus site. Teach your teen to type the URL in the destination bar instead of clicking links.

Reporting and Avoiding

Many companies have an email address where your teens can report any suspicious phishing activity. Instruct your teen to forward the email in its entirety to the company’s anti-phishing division. This allows the company to use its anti-fraud resources to stop phishing attacks, instead of having its customers end up with compromised accounts.

As further precaution, install anti-phishing devices or software to add an extra layer of defense against internet fraud. And as a general rule of thumb, always encourage your teen to type the URL into the browser rather than click through an unsolicited email.

Contributor: Alan Craig