What Is Phishing?
Phishing occurs when information/identity thieves send an e-mail that appears to have been sent from a legitimate organization, such as a retailer, bank, credit card company or insurance agency. In recent months, fraudsters have targeted customers of such well-known companies as Citibank, Best Buy, Earthlink, eBay, PayPal and even the Federal Deposit Insurance Corporation.
Why Are Bad Guys Phishing?
These e-mails are attempts to steal your personal and/or financial information for illegal use.
How Can I Spot a Phishing E-mail?
While they may be difficult to identify, here are some items to focus on to help you spot a phishing e-mail. As a general rule, if you have any doubt or discomfort regarding an e-mail sent to you, DO NOT RESPOND OR CLICK ON ANY LINK. Contact the originating company directly, either by looking up their official Web site or phone number, and verify the validity of the e-mail sent to you.
- Request for Personal Information: Always be wary of any e-mail that requests personal information, such as user ID, password and/or bank account numbers or Social Security Numbers.
- Greeting: Many fraudulent e-mails begin with a general greeting, such as "Welcome User" or similar verbiage, rather than a specific, personalized greeting.
- Threats to Account: Many scams warn that a recipient's account is in jeopardy and that only by authenticating information immediately via an embedded link or response to the e-mail can an account be kept from being closed, suspended or restricted.
- Lost Information: Be wary of claims that a company is updating its files or accounts.
- Beware of Sender's Address: Do not rely on the sender's e-mail address to validate the true origin of the e-mail. It may look legitimate, but fraudsters can easily alter the "from" field of an e-mail message in order to fool their victims. When in doubt, contact the company through their official Web site to confirm the validity of the e-mail.
- Embedded Links: Links embedded in a fraudulent e-mail often take the victim to a site that has been created to look like an official site from the company they are pretending to be. When in doubt, contact the company through their official Web site to confirm the validity of the e-mail.
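The checklist above can be applied mechanically to a message. The following is an added example, not part of the original page: the phrase lists, the function name check_message and the sample e-mail are assumptions constructed for illustration. It goes one step beyond the list by comparing the address a link displays with the host it actually points to, and it ignores the "from" field because that field can be altered.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message (not a real e-mail); .example/.test names are placeholders.
SAMPLE = """\
From: "Example Bank" <service@examplebank.example>
To: user@mail.example
Subject: Urgent: verify your account
Content-Type: text/html

<p>Welcome User,</p>
<p>We are updating our files and your account information has been lost.
Your account will be suspended unless you confirm your password and
Social Security Number immediately.</p>
<p><a href="http://examplebank.login-check.test/verify">www.examplebank.example</a></p>
"""

# Phrase lists are illustrative assumptions, keyed to the indicators listed above.
INDICATORS = {
    "request_for_personal_information":
        r"password|user id|social security|account number",
    "generic_greeting": r"welcome user|dear (customer|user|member)",
    "threat_to_account": r"\b(suspended|closed|restricted)\b",
    "lost_information": r"updating (our|its) (files|accounts)|has been lost|has expired",
}
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?")

def check_message(raw):
    """Return (indicator names found, [(shown text, real host)] for mismatched links)."""
    body = message_from_string(raw).get_payload()
    # Strip tags and collapse whitespace so phrases split across lines still match.
    text = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", body)).lower()
    hits = [name for name, pat in INDICATORS.items() if re.search(pat, text)]
    mismatched = []
    for href, shown in LINK.findall(body):
        host = (urlparse(href).hostname or "").lower()
        shown = re.sub(r"<[^>]+>", "", shown).strip().lower()
        # Only compare when the visible text itself looks like a host or URL.
        if HOSTLIKE.fullmatch(shown):
            shown_host = urlparse(shown if "//" in shown else "//" + shown).hostname
            if shown_host != host:
                mismatched.append((shown, host))
    # The From header is deliberately not scored: the sender can alter it.
    return hits, mismatched

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

A match on any indicator is a reason to verify the message with the company directly, not proof of fraud; a message with no matches is not proof of legitimacy either.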
How Do They Get My Personal Information and/or Steal My Identity?
Thieves send millions of e-mails to Internet users asking them to update their account information for banks, credit cards, online payment services or popular shopping sites. Frequently, the e-mail claims that the recipient's account information has expired or has been lost, and urgently requests that the account holder immediately resend this information to the company by responding to the e-mail or clicking on an embedded link.
Seven Tips to Avoid Phishing
- Be extremely skeptical of e-mails received from sources you are not familiar with.
- Keep separate passwords for each online account.
- Never click on a link embedded within any potentially suspicious e-mail.
- Call the organization directly to verify account status before divulging any information.
- Never respond to any request for personal information that arrives via e-mail.
- Work from the most current versions of web browsers and be sure to install and run all available firewalls.
- Check your online accounts regularly for suspicious activity.
Common Links and Educational Resources
Internet Crime Complaint Center
http://www.ic3.gov/
Report Phishing e-mails on this Web site using the "attempted fraud" category
FTC – Federal Trade Commission
http://onguardonline.gov/index.html
Educational tools, resources and guides
Federal Trade Commission
www.ftc.gov www.ftc.gov/spam
e-mail: uce@ftc.gov
United States Department of Justice
Special Report on "Phishing"
www.usdoj.gov/criminal/fraud/phishing.pdf
Contains contact information for legitimate organizations that have been targeted by Phishing scams
Anti-Phishing Working Group
http://www.antiphishing.org/
Includes detailed steps to take if you have disclosed your personal information to a Phishing scam