When we hear the word "fishing" most of us picture ourselves boating on a lake in a quiet, serene setting. Well, there's a new type of "phishing" we as consumers must guard against. This "phishing" is the new recreational sport of scam artists. Their lake is the Internet and your personal information is their catch.
Is Someone "Phishing" for Your Information?
Internet scammers casting about for people's financial information have a new way to lure unsuspecting victims: they go "phishing." Phishing – as in fishing for confidential information – is a high-tech scam that uses spam to deceive consumers into disclosing their credit card numbers, bank account information, Social Security numbers, passwords, and other sensitive personal information. An estimated 50 or so unique phishing "attacks" are launched every day and that total is expected to dramatically increase.
Here's how it works:
A consumer receives an e-mail or text message which appears to be from a business that he or she deals with - such as a bank or Internet service provider - or from a government agency or other reputable entity.
The e-mail or text message indicates that the consumer must "verify" or "re-submit" personal or confidential information by clicking on a link.
The provided link appears to be the website of the financial institution, government agency or other entity. However, in these phishing scams the link is not to an official website, but rather to a phony site, set up with stolen graphics to trick the user into believing it is real.
Once inside that fraudulent website, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth.
When the consumer provides the information, those perpetrating the fraud can begin to drain accounts or assume the person's identity.
Once these scammers have your personal account information they can access your checking account or use your credit cards. In the worst case, you could find yourself a victim of identity theft. With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even driver’s licenses in your name. They can do damage to your financial history and personal reputation that can take years to unravel. But if you understand how phishing works and how to protect yourself, you can help stop this crime.
Financial institutions or government agencies DO NOT ask customers
for ATM card numbers, personal identification numbers (PINs)
or other sensitive information over the Internet.
Learn to Spot the Lure and Avoid Being Hooked
Scam artists have gone to great lengths to create phony e-mails that closely resemble actual websites of well-known institutions. Unlike the Nigerian business scam e-mails, which most people recognize and delete, these fraudulent e-mails are quite sophisticated and appear to be from a genuine source. Therefore, be suspicious of any unsolicited e-mail which asks you to provide your personal account information.
Be alert and skeptical in regard to the e-mails and text messages you receive. Legitimate websites will NEVER ask you to provide personal information that can be used to identify you or obtain your account information. You must refuse to give such information. Unlike "anti-spam" programs which can filter certain e-mails, or "anti-virus" software which protects your computer from viruses, there is little you can do to prevent someone from sending you this type of e-mail or text message. You do, however, have the choice to disregard any request for personal information. Remember, these scams only work if you take action and provide your personal information.
Here are a few tips to help you avoid being hooked by a phishing scam:
- If you get an e-mail or text message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don’t ask for this information via e-mail or text message. Contact the organization using a telephone number you know to be genuine, or open a new Internet session and type in the web address that you know is correct. In any case, do not cut and paste the link in the message.
- Do not e-mail personal or financial information. E-mail is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
- Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
- Be cautious about opening any attachment or downloading any files from emails or text messages you receive, regardless of who sent them. Use anti-virus software and keep it up to date because some phishing emails contain software that can harm your computer.
What To Do If You've Taken the Bait
Contact your financial institution immediately
Go to IdentityTheft.gov and follow the recovery steps to take based on the information that you lost.
Place a fraud alert on your credit file by contacting one of the three major credit bureaus:
Hearing impaired call 1-800-255-0056 and ask the operator to call the Auto Disclosure Line at 1-800-685-1111 to request a copy of your report.
To Report a Phishing Email or Text Message:
- If you got a phishing email, forward it to the FTC at email@example.com and to the Anti-Phishing Working Group at firstname.lastname@example.org. If you got a phishing text message, forward it to SPAM (7726).
- Report the phishing attack to the FTC at ftc.gov/complaint.
- Report suspicious e-mails to the Internet Crime Complaint Center. You may also contact the Department of Banking if you believe you have been a victim of "phishing."