Target 11 investigates: How to spot phishing

Updated:

Loading

PITTSBURGH - Cybercriminals are filling our inboxes with phony emails every day. It's called phishing. They're after our money and our identities. Consumer investigator Robin Taylor discovered how easy it is to create a bogus website.

Phishing is one of the easiest ways for cybercriminals to get your personal information. You hand it right over to them, because you think they're a trusted source. It's as simple as clicking on a link in an email that looks like it's coming from your bank.

"We have temporarily suspended your account and your access to online banking," Tina Blodgett-Darr read from a phishing email she had received.

The email stated someone had tried to access her Bank of America account. If she didn't verify her identity, it said, her account would be closed.

"It had their logo. It had their email address, the whole nine yards. I mean, it was very real," said Blodgett-Darr.

But a call to Bank of America revealed the email was bogus. It had bounced off servers in Brazil and Denmark, landing in Tina's inbox in Pittsburgh.

"It's very hard to catch them for the sheer fact that a lot of the bad guys aren't even in the United States," said Sgt. Michael Del Cimmuto of the Pittsburgh Police Computer Crimes unit.

It's estimated Americans lost more than $25 million last year to phishing schemes.

To get a better understanding of how this type of crime works, I turned to Sgt. Del Cimmuto, the head of the computer crimes unit, who showed me how easy it is for criminals to fool you.

"So this is your website," said Del Cimmuto.

He scrolled down to my bio on WPXI.com. And then he showed me a duplicate page that looked exactly the same. It was identical in almost every way and I couldn't tell the difference.

"So you somehow copied this?" I asked. "Right, I copied your website," said Del Cimmuto.

Only this time when he clicked on the link, it didn't go t0 my page. It went somewhere else. For demonstration purposes, Del Cimmuto set it up to go to the city of Pittsburgh's website. That's the trick. The phony website looks real, but the link could lead you to the bad guys.

"Is it easy for someone to create a very real-looking fake website?" I asked.

"It's very easy for someone who understands the code," said Del Cimmuto.

Here are a few sure-fire ways to tell if it's phishing. First, check the email address it's coming from. Then, look for grammatical or spelling errors. Finally, inspect the web address.

"If you hover over your PayPal link and you see it's going to something like, IGotYou.com.uk, then maybe it's not going to PayPal. If you hover over the PayPal link, it should say PayPal," said Del Cimmuto.

The top five phishing emails look like they're coming from financial institutions and there's no sign of the schemes slowing down.

About 500 million phishing emails appear in inboxes every day.

"Phishing comes and phishing goes, but phishing will always be here," said Del Cimmuto.

Another way to protect yourself is to set up different email accounts. For example, my PayPal account isn't linked to my work email, so if I get an email at work from PayPal, I know it's not real.

If you're ever in doubt, don't click on a link; instead, type in the web address or pick up the phone and make a call.