Imagine yourself walking down the sidewalk. A stranger approaches you. He is wearing business attire and a nametag from a large, multinational bank or credit card provider. He says this: “Excuse me, Customer? Your card has been deactivated due to suspicious activity. Would you please tell me your name, account number, Social Security information, online banking password, and PIN?”
Would you give this person anything he asked for?
Of course you would not. However, this scenario is exactly what happens in the classic phishing scheme: a message informs you that your card has been deactivated, and gives you a link to a website designed to harvest personal financial information and hand it over to someone you don’t know. The message and the website may be dressed up in logos and slogans that mimic some large financial provider, but that does not make them real. The only real difference is that the communication is happening through email instead of in person.
If you picture unexpected emails, text messages or phone calls from people you don’t know (and whose identity you therefore cannot verify) as in-person approaches, the suspicious intent becomes incredibly clear.
Would you listen to a person running up to you on the street and saying that because you did not pay your taxes (or failed to report for jury duty) you are going to be arrested in one hour unless you buy a prepaid debit card and tell them the numbers?
If someone tapped you on the shoulder and said, “Greetings. You have won the Microsoft Email Lottery. Two-point-five million United States Dollars. But you have to give me five thousand to cover taxes and fees first,” would you run straight for your bank to withdraw the cash? How would you react to a stranger telling you they wanted to immediately hire you for a work-at-home job processing payments, and all you have to do is open an account at a certain bank and tell them the account and routing numbers? Would it strike you as a legitimate offer?