We’ve all encountered these things—official-looking email messages that say "Click here to reactivate your account,” or “Click here to confirm your identity,” etc. These messages can be tempting because they often seem like the real deal. They might talk authoritatively about bank balances or email quotas, and they can look awfully official.
But hopefully there’s also a nagging suspicion that makes you wonder if messages like these are “real” or some kind of scam.
In truth, these things are almost always “Phishing” attempts.
A Quick definition from our friends at Wikipedia:
Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
But how do you tell the real emails from the scams?
Geoff Duke over at UVM Enterprise Technology Services has written about how he tells the difference, and it’s a good read. Check it out, and look for the reference to phish-headed Star Wars character, Admiral Akbar.