Why you shouldn’t write back to a ‘phishing’ attempt

March is Fraud Prevention Month in Canada, and so it's an ideal time to cover how to better protect yourself from online scammers.

One increasingly prevalent problem is "phishing" attempts that show up in your email inbox, or "smishing" scams via text message.

While these messages look like they're from legitimate companies, they're really malicious attempts to lure you into giving out personal information (such as banking info, a credit card number or a social insurance number) with the intent to steal your identity for financial gain.

Phishing attacks often appear as if they're coming from your financial institution, Internet service provider or favourite online retailer, but they're simply linking you to a spoof site that uses similar wording and logos.

These messages are often sent to millions of addresses around the world in the hopes that a few people will believe they're legitimate. Scam artists don't know whether there's anybody on the other end of the email addresses to which they're sending their phishing emails, but if you write back, you prove that there is.

While it may be tempting, you should never write back to the sender. You'd only be confirming that your email address is valid, which might invite more phishing attack attempts. In fact, your email address will likely graduate to a more sought-after list of confirmed email addresses.

You could, however, forward the entire message to your financial institution, Internet service provider or the authorities (e.g. the RCMP). You could also forward the email to the "abuse" or "spoof" email address at the company that is being spoofed (e.g. spoof@ebay.com).

But be aware that these scammers are often hard to track down, so don't expect an investigation.

How do you know a legit-looking email or site is a fake? Look at the link in your email and you'll notice the URL it wants you to click on isn't the official site (e.g. bmo.com). Instead, it's something else (like bankmtrl100.cc). Another sign of a scam is a sense of urgency ("we need you to confirm your information right away to avoid any problems," etc.), and you'll likely spot spelling and grammatical mistakes, as these phishing attempts are usually (but not always) generated in non-English-speaking countries.
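The link check described above can also be done in code. The following Python sketch is an added example, not part of the original article: it lists every link in an HTML message whose real destination is outside the official domain and notes when the visible text shows the official domain anyway. The sample message and the host `bmo.com.bankmtrl100.cc` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    # Works for full URLs and for bare "www.example.com/path" strings.
    host = urlsplit(url if "//" in url else "//" + url).hostname
    return (host or "").lower().rstrip(".")

def belongs_to(host, official):
    # Exact match or a true subdomain; "notbmo.com" and "bmo.com.x.cc" do not match.
    return host == official or host.endswith("." + official)

DOMAIN_IN_TEXT = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def suspicious_links(html_body, official):
    """Return (host, reason) for each link that leaves the official domain."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        if not host or belongs_to(host, official):
            continue
        shown = DOMAIN_IN_TEXT.search(text)
        disguised = bool(shown) and belongs_to(host_of(shown.group(0)), official)
        reason = "text shows official domain" if disguised else "not the official domain"
        findings.append((host, reason))
    return findings

# Constructed sample body; bmo.com and bankmtrl100.cc are the article's examples.
SAMPLE = ('<a href="http://bankmtrl100.cc/login">https://www.bmo.com/login</a>'
          '<a href="https://www.bmo.com/help">Help centre</a>'
          '<a href="http://bmo.com.bankmtrl100.cc/verify">Verify now</a>')
```

Calling `suspicious_links(SAMPLE, "bmo.com")` flags the first and third links and passes the genuine help link.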

A few other tips on reducing the risk:

* Be sure to install and maintain antimalware software (which includes virus detection), a computer firewall and a web browser with an antiphishing feature. All of these measures can act as an extra line of defense from some of these malicious types.

* Stick with reputable retailers when giving out financial information, like your credit card, and always be sure to look for indicators that the site is secure, such as a little lock icon on the browser's status bar or a URL for a website that begins "https:" (the "s" stands for "secure").

* Whenever you sign up for something online, try to use a secondary email account, such as a free webmail address from Yahoo!, Gmail or Hotmail, and not your main email address at work or from your ISP (e.g. Rogers, Bell or Telus). That way you can better manage the "spam" (and resulting phishing scams) you might expect from registering online for gaming, shopping, social networks, and such.