Phishing: Don't Get Hooked

There are con artist that use "phishing" as a means of gaining your personal information such as credit card numbers, passwords, account data or other valuable information. Millions of fraudulent e-mail messages get sent out that appear to look exactly like real, trusted websites, like PayPal and are very sly about getting victims to submit their confidential information for them.

Below is an example of such an email and a few things to look out for. Notice that when a link in the e-mail message is hovered over, a tag is shown that has a completely different link or url. Compare links "a" to "b."

These types of emails can also be refered to "spoofed" sites. Here are a few phrases to look for if you think an e-mail message is a scam:

"Verify your account."

Businesses should never ask you to send passwords, login names, Social Security numbers or other personal information through e-mail.

"If you don't respond within 48 hours, your account will be closed."

These messages convey a sense of urgency so that you will respond immediately without thinking. Some of these scams might even tell you that your account has been compromised.

"Dear Valued Customer."

Since there are millions of these sent out during all times of the day, they have no way of including any personal information.

What to do if you have accidentally responded to a phishing scam

Step 1: Report the incident to the following authorities

  • Your credit card company, if you have given your credit card information. The sooner an organization knows your account may have been compromised, the easier it will be for them to help protect you.
  • The company that you believe was forged. Remember to contact the organization directly, not through the e-mail message you received.
  • In the United States, the Federal Trade Commission. Report the circumstances to the FTC: National Resource for Identity Theft

You can also report the phishing scam to the Anti-Phishing Working Group and to the FTC at spam@uce.gov.

To report the scam to these groups, create a new e-mail message addressed to them and attach the phishing e-mail to the new message.
Note: You can also copy the entire phishing e-mail and paste it in the new mssage.

Step 2: Change the passwords on all your online accounts

Read "How to create and use strong passwords"

Start with passwords that are related to financial institutions

Step 3: Routinely review your credit card and bank statements

Review your bank and credit card statements monthly for unexplained charges or inquiries that you didnít initiate.