There’s a new type of Internet piracy called “phishing”. It’s pronounced “fishing”, and that’s exactly what these thieves are doing: “fishing” for your personal financial information. What they want are account numbers, passwords, Social Security numbers and other confidential information that they can use to loot your checking account or run up bills on your credit cards.
Phishing is a scam where Internet fraudsters send spam or pop-up messages to lure personal and financial information from unsuspecting victims
In the worst case, you could find yourself a victim of identity theft. With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even driver’s licenses in your name. They can even do damage to your financial history and personal reputation that can take years to unravel. But if you understand how phishing works and how to protect yourself, you can help stop this crime.
Here’s how phishing works
In a typical case, you’ll receive an email that appears to come from a reputable company that you recognize and do business with, such as the credit union, a credit card company or another financial institution. In some cases, the email appears to come from a government agency, including one of the federal financial institution regulatory agencies.
The email will probably warn you of a serious problem that requires your immediate attention. It may use phrases such as “Immediate attention required” or “Please contact us immediately about your account.” The email will then encourage you to click on a button to go to the institution’s web site.
In a phishing scam, you could be redirected to a phony web site. that looks exactly like the real thing. Sometimes, in fact, it may be the company’s actual web site. in those cases, a pop up window will quickly appear for the purpose of harvesting your financial information.
In either case, you may be asked to update your account information or to provide information for verification purposes: your Social Security number, your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother’s maiden name or your place of birth.
If you provide the requesting information, you may find yourself a victim of identity theft.
How to Protect Yourself:
- Never provide your personal information including your Social Security number, account number or passwords, in response to an unsolicited request, whether it is over the phone or over the internet. Email and internet pages created by phishers may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure web site. If you did not initiate the communication, you should not provide any information.
- Never provide your password over the phone or in response to an unsolicited request. A financial institution will never ask you to verify your account information online.
- Do not be intimidated by an email or caller who suggests dire consequences if you do not immediately provide or verify financial information.
- Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.Don’t reply to email or pop-up messages that ask for personal or financial information, and don’t click on links in the message.
- Don’t cut and paste a link from the message into your Web browser — phishers can make links look like they go one place, but that actually send you to a different site.
- Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
- Don’t email personal or financial information
- If you believe the contact may be legitimate, contact the financial institution yourself using the phone number or web site. address on the monthly statement you receive from your financial institution. The key is that you should be the one initiating the contact, using contact information that you have verified yourself.
- Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving, call your financial institution to find out why. If your financial institution offers electronic account access, periodically review activity online to catch suspicious activity.
What Do I do If I’m Phished
When you receive Phishing correspondence be sure to follow the protection guidelines outlined above. Then, to help catch the thieves and help protect others, we ask that you do the following:
- Forward spam that is phishing for information to firstname.lastname@example.org and to the company, bank, or organization impersonated in the phishing email.
- Report phishing email to email@example.com. The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing
- Report all suspicious contact to the Federal Trade Commission through the Internet at www.consumer.gov/idtheft or by calling 1-877-IDTHEF
What To Do If You Fall Victim:
If you took the bait and gave your personal information to a phishing scam you must act immediately to minimize the impact of identity theft.
- Contact Hometown Credit Union immediately and alert the credit union to your situation. Also notify all other financial institutions where you have accounts that may have been affected.
- Monitor your credit files and account statements closely.
- If you have disclosed sensitive information in a phishing attack, you should also contact the three major credit bureaus and discuss whether you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name. Here is the contact information for each bureau’s fraud division: