Hackers send fake emails or set up fake web sites that mimic websites like Yahoo!'s sign-in pages (or the sign-in pages of other trusted companies, such as eBay or PayPal) to trick you into disclosing your user name and password. This practice is sometimes referred to as "phishing" — a play on the word "fishing" — because the hacker is fishing for your private account information. Once they gain access, they can use your personal information to commit identity theft, charge your credit cards, empty your bank accounts, read your email, and lock you out of your online account by changing your password.
If you receive an email (or instant message) from someone you don't know, directing you to sign in to a website, be careful! You may have received a phishing email with links to a fake website. A phishing website (sometimes called a "spoofed" site) tries to steal your account password or other confidential information by tricking you into believing you're on a legitimate website. You could even land on a phishing site by mistyping a URL (web address).
Is that website legitimate? Don't be fooled by a site that looks real. It's easy for phishers to create websites that look like the genuine article, complete with the logo and other graphics of a trusted website. Important: If you're at all unsure about a website, do not sign in. The safest thing to do is to close and then reopen your browser, and then type the URL into your browser's URL bar. Typing the correct URL is the best way to be sure you're not redirected to a spoofed site. As browsers get more sophisticated, they tend to develop ways to protect you from these types of sites. If you do not see the image of a lock in the address bar in front of the https://, or the s in https, there is a good chance it is a fake site.
If you receive an email from a web site or company urging you to provide confidential information, such as a password or Social Security number, you are most likely the target of a phishing scam. The tips below can help you avoid being taken in by these hackers.
Look out for a sender's email address that is similar to, but not the same as, a company's official email address. Fraudsters often sign up for free email accounts with company names in them (such as "email@example.com"). These email addresses are meant to fool you. Official email from Yahoo! always comes from an "@yahoo-inc.com" email address. Yahoo, Google, Microsoft or your banking institution will never ask you for login information.
Hackers often include urgent "calls to action" to try to get you to react immediately. Be wary of emails containing phrases like "your account will be closed," "your account has been compromised," or "urgent action required." The fraudster is taking advantage of your concern to trick you into providing confidential information. This is also known as scareware because it preys on the fears of users.
Hackers often send thousands of phishing emails at one time. They may have your email address, but they seldom have your name. Be skeptical of an email sent with a generic greeting such as "Dear Customer" or "Dear Member". They might take a shot and lead with "Dear Linda", knowing that you are not Linda but hoping you just might try to correct them by notifying them that they are sending this email to the wrong person. Unfortunately, you just invited them in.
To trick you into disclosing your user name and password, fraudsters often include a link to a fake web site that looks like (sometimes exactly like) the sign-in page of a legitimate website. Just because a site includes a company's logo or looks like the real page doesn't mean it is! Logos and the appearance of legitimate web sites are easy to copy. In the email, look out for links containing an official company name, but in the wrong location. For example, "https://www.yahoo.net" is a fake address that doesn't go to a real Yahoo! web site. A real Yahoo! web address is a .com address ("yahoo.com"), for example "https://www.yahoo.com/" or "https://login.yahoo.com/".
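The "official name in the wrong location" check described above can be automated, for example in a mail filter or a link-preview tool. The following is an added example, not part of the original article: it assumes yahoo.com is the only official domain (as the article states), and all sample links other than the three quoted above are constructed.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the only official domain is the one the
# article names (yahoo.com), and "yahoo" is the brand text we look for.
TRUSTED_DOMAINS = {"yahoo.com"}
BRAND_WORDS = {"yahoo"}


def classify_link(url):
    """Return 'official', 'not-https', 'lookalike' or 'unrelated'."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and the port, so a link such as
    # https://login.yahoo.com@example.net/ is judged by its real host.
    host = (parts.hostname or "").rstrip(".").lower()
    # Official only if the host IS the trusted domain or a subdomain of it.
    # A substring test ("yahoo.com" in url) would accept every fake below.
    official = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    if official:
        return "official" if parts.scheme == "https" else "not-https"
    # The brand appears somewhere in the link, but the host is not official.
    if any(word in url.lower() for word in BRAND_WORDS):
        return "lookalike"
    return "unrelated"


# First three links are quoted in the article; the rest are constructed.
SAMPLE_LINKS = [
    "https://www.yahoo.com/",
    "https://login.yahoo.com/",
    "https://www.yahoo.net",
    "https://yahoo.com.account-check.example/signin",
    "https://login.yahoo.com@example.net/",
    "https://notyahoo.com/",
    "http://login.yahoo.com/",
    "https://example.org/news",
]


def classify_samples():
    """Classify every sample link and return {url: verdict}."""
    return {url: classify_link(url) for url in SAMPLE_LINKS}


if __name__ == "__main__":
    for url, verdict in classify_samples().items():
        print(f"{verdict:10} {url}")
```

The comparison is made on the end of the hostname because that is the part that decides where the link really goes; text to the left of it, or after the first slash, is under the sender's control.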
Phishers are becoming more and more sophisticated in designing their phony websites, so don't be surprised if you get hooked. If you think you've been phished, follow these steps. Most browsers and protection software will warn you that you are on a dangerous site and ask if you wish to continue. Just click on no, and go back to where you were before. If your browser does not warn you, there are extensions that you can put in your browser that will. WOW is one of the more popular ones.
Just because the address looks OK, don't assume you're on a legitimate site. Look in your browser's URL bar for these signs that you may be on a phishing site:
Be careful if you're sent to a website that immediately displays a pop-up window asking you to enter your username and password. Phishing scams may direct you to a legitimate website and then use a pop-up to hijack your account information. Also, if you receive more than the occasional pop-up, you probably have tracking cookies.
Use a Web browser with anti-phishing detection. Edge, Firefox, Chrome and other Web browsers have free extensions that can help you detect phishing sites. Besides WOW mentioned above, Norton Search and Malware Search will work as well.
There is no need to be intimidated while surfing or viewing your email, but every reason to be cautious. Hackers spend their entire day trying to get past hurdles that operating systems and protection software companies put in place. They will always manage to find a way to get their foot in the door. Yes, a website with a lock and https:// is probably safe, but there is no guarantee. An email from your uncle George might actually be sent from a hacker that hacked uncle George. If the topic line does not sound right, especially things like "Hey I thought you just had to see this!" or "Check This Out", or that you just WON a gift, just ignore the email, don't open any of its attachments if there are any, and email uncle George to ask him if he sent this.