Supply and demand: This basic tenet of commerce is equally applicable to criminal activities. It goes hand in hand with the old adage "where there's a will, there's a way". In the case of phishing email, as long as people fall for the tricks, the tricks will keep on coming. And there's definitely a will to keep the gravy train flowing. Having the keys to your online kingdom gives the phisher the means to access your account(s), view your profile and glean other information that can be used for everything from credit card fraud to outright identity theft.
It's Not the Who, It's the How
Don't get hung up on labels. Phishing scams can target anyone. It's not just Chase, or Bank of America, or eBay, or PayPal, eGold, or any other specific bank or eCommerce site. Phishing emails can't be defined by which entity they pretend to be from, but rather by what the scammers are trying to do. Any email that is received unexpectedly that instructs you to log in to any account for any reason should be viewed with suspicion.
Hook, Line, and Sinker
Commonly, phishing emails use fear tactics, warning that your account may have been compromised, or has been suspended, or needs to be updated. Phishing scams may also claim to be bills for items you never ordered or auctions you never bid on.
A phishing email can be very sophisticated - using images and terminology associated with legitimate websites or companies - and the email may even address you by name. Likewise, a phishing email can be very rudimentary, using poor grammar and spelling, not identifying you by name, and skipping the use of logos altogether. In other words, just as you can't define a phishing email by whom it's targeting (e.g. Chase customers), you also can't define a phishing email by the way it looks.
Regardless of the tactics used, the hope of the scammers is that you will use the link in the email to check your account. Ironically, the phishing email may even warn you about the hazards of clicking the link, and instruct you to type it into the browser instead. Once you've logged onto their site (which has been carefully crafted to look like the legitimate bank or commerce site), the scammers capture your login credentials.
Don't Swallow the Bait
An informed consumer is a safer consumer. Familiarize yourself with these examples of phishing scams. Then, if you receive a suspected email phish, be a good netizen and report the phishing scam to help get the scammer shut down. Avoid the temptation to follow the link to see where it leads. Many phishing sites have been booby-trapped with malicious code. Even if you don't enter your login details, visiting the website could infect your system with a backdoor Trojan which can then capture the coveted credentials.
It bears repeating: Any email that is received unexpectedly that instructs you to log in to any account for any reason should be viewed with suspicion. If you're in doubt, use low-tech methods to verify the authenticity of the email - pick up the phone and call the bank or commerce site to confirm. But don't rely on a phone number included in the suspicious email - scammers have been known to use that trick as well.
Stop the Spawn of Phishing Scams
Whether it's in the form of higher bank fees, or higher prices as a result of charge-backs to the commerce companies, we all pay for phishing scams. Stop the supply of these miscreant emails by stopping the demand. Tell your friend, your mom, your dad, and anyone else you know about the hazards of phishing email. Tell them any email they receive unexpectedly that instructs them to log in to any account for any reason should be viewed with suspicion. Then tell them again, just to make sure it sticks.