© 2024 Michigan State University Board of Trustees
Public Media from Michigan State University
Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

Beware of E-Mails 'Phishing' for Dollars and More


It happens countless times a day. People receive e-mails from what looks to be a familiar company — their bank, credit card company or another organization. It looks legitimate, often featuring a company logo, but something just isn't right.

Online "phishing" scams reel in unsuspecting users, who can have their personal information, identities and money stolen by unseen thieves.

Tom Regan, host of the NPR News Blog, recently had a close call with a phisher. He talks to John Ydstie about what happened and how to avoid being a phishing victim.

"I think it's the way most people do get caught," Regan says of his phishing encounter. "I wasn't paying any attention to what I was doing."

He opened an e-mail that looked very similar to one he received from his bank. It asked him to log into the site by entering a user name and password. Regan filled in his user name but then looked at the Web address.

"That's when I knew right away I had made a mistake because the URL was not the URL of my financial institution," he says.

He closed the browser immediately, went to the correct Web site and changed his password.

"I got lucky," he says.

In most cases, phishers and scammers can't duplicate the exact URL of a bank or a credit card company. But they try to make it appear as if they're a legitimate site.

For example, in faking the Web address for PayPal, a popular online payment tool, phishers will use the number "1" instead of the letter "l" in the company's name.

"They count on people not to notice that," Regan says. "They'll slightly misspell a word ... but people are busy and they don't notice. They click on it and they go."

Also, watch out for https at the beginning of the URL. Normally, that's a sign of a secure site. If the tiny lock at the bottom of a browser is open, the site is not secure.

Your name, birth date, Social Security number and mother's maiden name can all be used by online thieves.

"They're phishing constantly for any little bit of information that they can find that they can use to get access to your money," Regan says.

In the end, you have to weigh the risks of convenience against security.

Copyright 2023 NPR. To see more, visit https://www.npr.org.

Journalism at this station is made possible by donors who value local reporting. Donate today to keep stories like this one coming. It is thanks to your generosity that we can keep this content free and accessible for everyone. Thanks!