A hacker sends an unsolicited email or instant message to customers to lead them into disclosing confidential personal information. The deceptive email suggests clicking on a link or attachment for any one of the following reasons:
- Request to change / update to personal information
- Potential of privacy or security breaches
- Winning of a contest
- Possible suspension of client cards or accounts
- Application for products
After clicking on the attachment or link from the email scam, the user is taken to a fake site that looks almost identical to the original website known by the user. It may sometimes be extremely hard to detect that the website is fake. This fake site requests from the user confidential personal information, which could include:
- Username
- Account Numbers
- Personal Identification Numbers (PINs)
- Credit and Debit Card Numbers
- Other Personal or Private Information
- Passwords