The Florida Bar - Board Certified Badge
Martindale-Hubbell - AV Preeminent Badge
Super Lawyers - Michael B Cohen Badge

Phishing Scams

How Personal Information is accessed by Would-be Offenders

As careful as a person may be with putting their personal information "out there", identity thieves use various methods to capture data that can lead to the theft of your identity.

Most doctors require your Social Security information when you first fill out your medical intake forms. The same is the case if you're admitted to a hospital emergency room or a similar medical facility.

Although many of us want to believe that our information is safe with these institutions, other people, typically employees of these firms have full access to your records. The same scenario applies in other cases when your Social Security Number is required when other types of forms are filled out; such as opening a new bank account.

In many cases employees may sell your information to others making a small profit but at the same time opening you up to a larger fraud.

In addition to the medical and banking fields, others have dreamed up further creative methods to gain access to another's personal data. To read an article that directly deals with one of these methods, click here to read an article recently posted on my legal blog.

What is a Phishing Scam?

In the age of the Internet, many imaginative methods have emerged; phishing scams being the most frequently exercised.

A phishing scam is an attempt to gain access to personal information usually prepared through a received email that impersonates a person you appear to actually know or an institution such as a bank, online vendor or merchant services provider that you already do business with.

The main component used in these phishing scheme emails which cause many people to "bite" is the appearance of what at first glance appears to be a great offer, or a rooted component of urgency or fear.

In the instance of the "great offer"; just as a pretty, dancing, colorful "lure" is used when sportsmen or the pubic actually go fishing, a flashy, inviting email can accomplish the same consequence.

An example of an actual received email displaying an offer that may make some people explore it further is displayed below. The subject line of the email is displayed as: Your Amazon Prime $50 Spring customer appreciation voucher expires 03.26.16 and the sender shows as: Amazon Reward Center. You may not think twice about its legitimacy because you have an amazon account. But danger may lie in wait inside.

Clicking the link included in the message will most likely take you to a web page with a form to be filled out to claim your "reward". The form will ask for personal information that can then be accessed by the sender to use for their own purposes. Even if no form appears on the web page, the page itself may contain an embedded virus that can infect your computer and then data mine through it for passwords and/or personal information. I added XX within the web address below in order to make it inaccessible:

Amazon Voucher Give-Away

Amazon Prime Customer

This week and weekend only we have a $50 Reward for all Amazon and Amazon-Prime members. (Expires 03/26/2016)

Go here to redeem your Amazon Voucher today- httpXX://

Thanks again for shopping with us.

Amazon, Earth's Biggest Selection
Checkout Voucher No. 3089744
Member ID: SI14462151

How Do I know if an Email is Legitimate?

In most cases, the easiest way to view the actual sender is to place your mouse pointer over the "Sent From" name at the top of the opened email. Some email services will allow you to view this by doing the same even before the email is opened. Keep in mind that opening the email will not harm or compromise your computer but never click any links found within.

In this case you would see that the email was sent from:

If for any reason this method doesn't show the origin of the email, simply click the reply button to display the sender.

Now that you know the email's origin, looking carefully at the sender will show you that the actual Domain the email was sent from is; not This is a clear signal that the email is bogus.

An example that displays urgency or instills fear may look like the second sample below:



Your Name - Your vehicle's warranty may be set to expire or has recently expired based on age or mileage.

DEADLINE: 02/25/2016
Auto Warranty Expiration Notice for,
Your manufacturer's auto warranty has expired.
Going forward you will be responsible for auto repairs costing 1000s of dollars.
Go here now to save 58% on your extended auto-warranty
*offer-ends in 72-hours

**End Notice #2522581


Your first clue that the email is fraudulent should be that your particular Insurance Company isn't listed in the email at all and even though your actual name is listed, the email is most likely also a phishing scam. In many cases by sheer coincidence, an email similar to this one may use your actually Insurance Company's logo on it.

Lastly, an email may be received from someone that you know with a vague message and a link inside. In this case always double check with your acquaintance to make sure it was actually sent by them. Viruses previously downloaded to your computer can break into your address book and send phishing emails that appear to be from a friend.

Common sense is your best defense for protection from becoming a victim of a phishing scam.

Use the same steps listed above to find the sender's email address to determine if the last example I listed is a legitimate email.

Michael Cohen is a Fort Lauderdale federal identity theft defense attorney with close to twenty years of experience in this area of the law. If you are charged, arrested or under investigation for any type of crime related to identity theft, call Mr. Cohen now for the assistance that's needed as well as a confidential free case evaluation.