What is a "phishing" e-mail? |
| "Phishing" is a term used to describe fraudulent e-mail designed to steal your identity. These imposter e-mails may appear to come from reputable companies but are actually from thieves masquerading as legitimate businesses. The e-mail will ask you to disclose, on a phony web site or in a phony dialog box, personal information such as your account data or Social Security number. The thieves then steal that personal information to harm your good name. Depending on the information you may have provided, they can access your accounts, open new ones, steal your funds, and even commit crimes...all in your name. |
| How the thieves steal your personal information |
| Phishing e-mails typically suggest that if you do not update your personal information, your account will be closed. The e-mail instructs you to click on a link that redirects you to a fake web site. These "spoofed" sites look official and include logos and fonts used by the companies they imitate. |
| Look for these warning signs: |
| Urgent Tone: The message urges you to "act quickly" or your account will be closed. |
| Spelling and Grammar Errors: The wording may be sloppy and contain typographical errors and misspellings. |
| Request for Financial Information: They often ask for your e-mail address and password, first and last names, credit card numbers, bank account numbers, account PIN numbers, and Social Security numbers. |
| Fake Web Address: An "@" symbol in a web site address may indicate that the source might be imitating a company or person (For example: www.bankname@billing.com is fake). |
| Non-Secure Web Pages: Their sites and URL may look like official company sites, but they are not. Watch out for non-secure web pages that ask for sensitive information. Secure sites use encryption technology to protect your information. They display a locked padlock at the bottom your your browser and add an "s" after http in the address bar (For example: https://bankname.com). |
| If It Sounds Too Good to be True, It Probably Is: Scam artists can paint attractive pictures of "valuable offers" and "great deals." Odds are they're just looking for other ways to access your valuable personal information. |
What can you do to protect yourself? |
| Be suspicious. Messages threatening to terminate or suspend your account without your quick response should be treated as suspicious. Also, be wary of clicking on links in e-mail messages. |
| Always type in the URL of the web page you want. Phishing scam e-mails include a link that takes you to a fake web site. We recommend typing the address in the address bar of your browser to ensure that you are visiting the legitimate web site. |
| Scroll over the URL. If you move your mouse over the URL and numbers or a different URL appear, it's probably fraudulent. |
| What if you received a suspicious phishing e-mail? |
| You could forward the e-mail information to government agencies, such as the Federal Trade Commission (FTC), which can be contacted via spam@uce.gov or 877-IDTHEFT (877-438-4338) or by accessing their web site at http://www.consumer.gov/idtheft, and the Federal Bureau of Investigation (FBI) through the Internet Fraud Complaint Center at http://www.ifccfbi.gov. The Anti-Phishing Working Group, an e-commerce industry trade association, can also be contacted at reportphishing@antiphishing.org. |
| What if you've been a victim of a phishing scam? |
| Close any accounts accessed or opened fraudulently. |
| Change the passwords and PINs on all of our online accounts. |
| File a report with your local police department or wherever the subsequent identity theft occurred. |
| Contact each of the three major U.S. credit bureaus and place a fraud alert on your credit reports: |
| Equifax: 1-800-525-6285 |
| Experian: 1-800-397-3742 |
| TransUnion: 1-800-680-7289 |
