It’s possible that email from your bank in your inbox could be real—or a phishing attempt.
Thieves sometimes impersonate legitimate businesses via email and websites to access your personal information. That information could include PINs, credit card or bank account numbers, or Social Security number.
This is a form of online identity theft.
The data may be used directly by the thieves for financial gain, or it may be sold on the black market to others seeking to profit with your information.
Either way, the personal information could be in criminal hands. If so, that could lead to fraudulent credit and bank account takeovers, opening new bank accounts, and other identity theft crimes.
Although counterfeit websites can look surprisingly similar to the legitimate sites they are attempting to copy, there are some differences if you look closely enough. Here are two examples of what to look for:
- Make sure the web address begins with http:// or an https://.
- Look at the company name in the URL. Fraudsters often make slight alterations to the spelling in the URL name. This might involve changing a letter to a number—for instance, “Interior” may be spelled “1nterior.”
Steps to take to avoid counterfeit websites
In general, be cautious whenever you are asked to provide personal or financial information to a website.
Rather than click on a link to a website, it’s safer to type in the URL address yourself.
Another important step is to keep your browser current with all security updates and appropriate patches.
Editor’s note: This content was lightly edited and updated on April 2, 2018.