Don’t Be Hooked by E-Mail “Phishing” Scams
Each week the news warns of new “phishing” scams. What is “phishing” (pronounced fishing)? These are scams using e-mail and fake websites to get consumers to disclose personal financial information. Here’s how the scam works: You receive an e-mail that appears to be from your bank, credit-card company, Internet service provider (ISP), or online membership organization (such as an online auction site). The e-mail asks you to click on a link or go to the URL given in the e-mail to update some information the sender needs (or some other request). You click on the link and go to a website that appears to belong to the institution referenced. Since the site looks okay, you give the requested personal information. Typical requests include Social Security number, account numbers, passwords, and the like. The problem? The site is fake and the con artist has just ripped off information they can use to steal your identity and your money.
Recent scams include e-mails that appear to come from eBay, Paypal, Washington Mutual Bank, Citizens Bank and AOL. Check out the Phishing Archive at Anti-Phishing.org for these and other examples of phishing attacks.
Here are 3 things to note to avoid being hooked by such scams:
- Reputable companies and financial institutions, like your credit union and bank, NEVER, EVER send e-mails asking for personal information and account number information they already have on file. Always be suspicious of any request for information that comes from an unsolicited e-mail. When you initiate the online contact with your bank or a reputable merchant, you may provide information to purchase merchandise or handle your account.
- Report the scam to the company, using the customer service number or website address from a recent statement. You can send the actual spam to the FTC at firstname.lastname@example.org.
- NEVER click on the link in an e-mail of this sort, even if it looks legitimate. The link takes you right to the scammers not the real company.
How to Protect Yourself
Want to see how savvy you are about these scams? Take The SonicWALL Phishing IQ Test. How well did you do? It’s not easy to distinguish between a real and a fake message, is it?
Be extra careful with personal information. I recommend that you respond to no unsolicited request for personal information. Instead, call the institution using the number on your statement and ask if the request is legitimate. Don’t call any numbers provided in the e-mail or the website it directs you to. Don’t email personal and financial information. Before submitting financial information on a web site, make sure that the browser indicates—with a lock icon—that the information is being transmitted securely. Review credit card and bank statements for unauthorized charges as soon as you receive them. Call your credit card company or bank to confirm your mailing address if your statement is late.
For More Information
These articles have more information about these types of scams and how to avoid them.
- How Not to Get Hooked by a 'Phishing' Scam from the FTC
- Phishing Scams Growing Like Crazy in Scambusters.com issue #67
- Fake Credit Report Sites: Cashing in on Your Personal Information from the FTC
- Phishing Scams Continue to Grow from PC World.com
- eBay Scams and Bank Scams from Scambusters.com issue #60
- Phishing from the National Consumers League Internet Fraud Watch