Phishing Scams

by Scott

What is a phishing scam?

Simply put: A phishing scam is an email scam designed to steal your identity by tricking you into handing over your own personal information.

Phishing is a type of scam where the scammer uses fraudulent e-mails that appear to come from companies you trust, like your bank or credit card company, to steal your identity. Through this email, and most likely an imitation website to match, the scammer tricks you into submitting your personal information. This information is then used to steal your identity, opening accounts using your name.

An e-mail from a phishing scam can so closely resemble a legitimate business that it can be near impossible to tell it's a fake if you don't know what to look for.

How does a phishing scam work?

A scammer first creates an e-mail that mimics the financial institution of choice. They use a logo image from the website along with any other objects or features to make the e-mail look as close as possible to an actual email from the institution.

The e-mail will have a message that contains something similar to the statements below.

• Dear valued customer - they don't know your actual name.
• ... Please verify your account information
• Please respond within the next 48 hours or your account will expire/close.
• Click the link below to update your personal information
• ... System maintenance ... please updated your records
• Your account may have been compromised, please verify your information.

The email will typically try and portray some sort of urgency to get you to act on impulse. The email will probably ask you to either reply to the email or visit a link to update or verify your account information.

Following the instructions and entering your data sends your personal information directly to the scammer and they now have everything they need to steal your identity.

How can I protect myself?

If you receive an e-mail or instant message requesting person information do not respond or follow any of the links. | more info ...less info ...

Legitimate organizations will not request your personal information through email. If you receive a suspect phishing email you should contact the organization immediately and inform them of the email to verify it's validity. They may request you forward it to their fraud team so they can take the appropriate actions to shut down the scam and protect others. Do not use any contact information provided in the email because it could be fake as well. Use a phone number you know to be legitimate.

Never give out personal information through email. | more info ...less info ...

Emails are not secure and your information could be compromised.

Keep a close eye on your bills and statements to be sure everything is correct. | more info ...less info ...

If someone has stolen your identity your first clue may be an unknown purchase on your credit card or an unknown withdraw from your bank.

Before giving out personal information across the Internet verify the site you are on is secure. | more info ...less info ...

A secure site will encrypt your data before sending it so only the intended recipient can read it. To ensure the site is secure you should look for a little yellow lock on the status bar (bottom of the browser window) of Internet Explorer and to the right of sites address in Mozilla Firefox. The sites address will begin with ‘https’ rather than http. And, the address bar will turn yellow in Firefox.

Unfortunately some phishing sites are able to fake these signs. If you are unsure as to whether the site you are visiting is actually the site you want you should type the company’s address into the browser by hand, search for the company using a web search engine such as Google, or call the companies phone number. Do not copy and paste and do not pull the phone number from the site or email, this information will most likely be fake as well.

Keep and eye on your credit report. | more info ...less info ...

The top three credit reporting companies are Equifax, Experian and Transunion. Get a report from at least one of these agencies and look for anything suspicious such as a credit card you don't recognize.

Under the Fair and Accurate Credit Transactions Act (FACT Act) consumers can request and obtain a free credit report once every 12 months from each of the three nationwide consumer credit reporting companies. AnnualCreditReport.com is the official site for receiving your free reports.

There are also many companies that provide credit monitoring services that send you a notification if there is something out of the ordinary. Check with your financial institution or one of the credit reporting companies for more information on this type of service.

How can I recover from a phishing scam or identity theft

To learn what steps you need to take to recover from identity theft read my "How to recover from identity theft" article

Phishing scam example

Related links for further reading

• Wikipedia: Phishing
• HowStuffWorks: How Phishing Works
• Microsoft: Microsoft: Recognize phishing scams and fradulent e-mails
• FDIC: Consumer Alert - Phishing Scam
• Related Blogs

top of page