You’re sitting on your front porch. You see a stranger walking towards your property. You have no idea whom he is. But he’s nicely dressed. He asks to come inside your house and look through your bank account records, view your checkbook routing number and account number, and jot down the 16-digit numbers of your credit cards. Hey, he also wants to write down all your passwords.
You say, “Sure! Come on in!”
Is this something you’d be crazy enough to do? Of course not!
But it’s possible that you’ve already done it! That’s right: You’ve freely given out usernames, passwords and other information in response to an e-mail asking for this information.
A common scam is for a crook to send out thousands of “phishing” e-mails. These are designed to look like the sender is your bank, UPS, Microsoft, PayPal, Facebook, etc.
The message lures the recipient into clicking a link that either leads to a page where they then are tricked into entering sensitive information or that link is infected and downloads malware to the users’ device.
The cyber criminal then has enough of your information to raid your PayPal or bank account and open up a new line of credit—in your name.
The message typically says that the account holder’s account is about to be suspended or deactivated due to (fill in the blank; crooks name a variety of reasons), and that to avoid this, the account holder must immediately re-enter login information or something like that.
Sometimes a phishing e-mail is an announcement that the recipient has won a big prize and must fill out a form to collect it. Look for emails from FedEx or UPS requiring you to click a link. This link may be infected.
Aside from the ridiculousness of some subject lines (e.g., “You’ve Won!” or “Urgent: Your Account Is in Danger of Being Deactivated”), many phishing e-mails look legitimate.
If you receive an e-mail from a company that services you in any way, simply phone them before you click on any link. If you click any of the links you could end up with malware.
Save yourself the time and just call the company. But you don’t even have to do that. Just ignore these e-mails; delete them. Nobody ever got in trouble for doing this. If a legitimate company wants your attention, you’ll most likely receive the message via snail mail, though they may also call.
Source: https://www.infosecbuddy.com/blog/phishing-scams-dont-click-that-link/#Layxf4Jr25E56GxJ.99