One of the easiest ways to collect your personal information is to trick you into just handing it over, called phishing. Phishing attacks use 'spoofed' emails, fraudulent websites, and even phony customer service calls to fool you into giving out your personal information, such as credit card numbers, account usernames and passwords, social security numbers, etc. Phishing is a type of social engineering attack and is often coupled with other methods to gain information about a target.
...
- Asking for your personal information or taking you to a website that asks you to sign in or enter other personal information
- Urgent calls to action, often with serious consequences (e.g., “You “You must verify your information immediately or your account will be deleted.")
- Messages containing poor grammar and typos
- Messages coming from an unusual name or email address (e.g., a message may appear to come from “unlvpresidentemail@gmail“whitman.president.name@gmail.com)
- Website addresses that don’t make sense (e.g., a link takes you to “whitman“whitman.web.com” com” instead of “whitman“whitman.edu”edu”)
- Very vague messages designed to get a quick reply (e.g., "are you available?")
However, information can be mimicked, accounts can be compromised, and sophisticated attacks can look exactly the same as legitimate messages.
...