| May 17, 2005
Avoid Taking the Bait from Online Phishing Scams
Phishing, the practice of luring unsuspecting victims to disclose sensitive information online, has quickly become the fastest-growing security threat to Internet users. Here is some information about how to prevent yourself from being victimized by phishers.
Tips to Prevent Phishing
An unsolicited email could be a phishing scam if it:
Doesn't address you by your full name.
Asks you to provide personal or financial information, such as your bank or credit card account number, an account password or PIN, your Social Security number or mother's maiden name.
Warns that you have been the victim of fraud or that your account will be closed unless you respond quickly.
Tells you that you have won a prize or vacation and just need to "confirm" certain information.
Has spelling or grammatical errors you wouldn't expect a professional business to make.
Ways to avoid phishing scams include:
Never transmit sensitive personal or financial information via email.
Emails or pop-up messages that ask for personal or financial information should be deleted. Legitimate companies won't ask for this information online.
Never open attachments from someone you don't know or if they seem suspicious.
Never follow links (click on them) included in emails from someone you don't know or that seem suspicious.
Be careful which websites you view and/or submit your personal information on. Look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins with “https:” (the “s” stands for “secure”)*.
Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges.
Use anti-virus software and keep it up-to-date, especially if you have a broadband connection. Anti-virus software and a firewall can protect you from inadvertently accepting unwanted files that may be phishing or contain viruses.
For more information consult the following websites:
FTC: How Not to Get Hooked by a ‘Phishing’ Scam
Anti-Phishing Work Group
Consumer Report: You've Got Fraud
*Unfortunately, no indicator or method of prevention is foolproof; some phishers have forged security icons or created websites that are surprisingly similar to those of legitimate businesses.
The best advice is that if you are unsure about a message you have received or a website you have come across, to confirm the legitimacy of these items by telephoning the company from which these items seemingly originate from. To do so, your should use a phone number published in a telephone directory or on any financial statements you have received in the past.