What is Phishing?
There’s a new type of Internet piracy called “phishing.” It’s pronounced “fishing,” and that’s exactly what these thieves are doing: “fishing” for your personal financial information. What they want are account numbers, passwords, Social Security numbers, and other confidential information that they can use to loot your checking account or run up bills on your credit cards.
In the worst case, you could find yourself a victim of identity theft. With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even driver’s licenses in your name. They can do damage to your financial history and personal reputation that can take years to unravel. But if you understand how phishing works and how to protect yourself, you can help stop this crime.
Here’s how phishing works: In a typical case, you will receive an e-mail that appears to come from a reputable company that you recognize and do business with, such as your financial institution. In some cases, the e-mail may appear to come from a government agency, including one of the federal financial institution regulatory agencies. The e-mail will probably warn you of a serious problem that requires your immediate attention. It may use phrases, such as “Immediate attention required,” or “Please contact us immediately about your account.” The e-mail will then encourage you to click on a button to go to the institution’s Web site.
In a phishing scam, you could be redirected to a phony Web site that may look exactly like the real thing. Sometimes, in fact, it may be the company’s actual Web site. In those cases, a pop-up window will quickly appear for the purpose of harvesting your financial information.
In either case, you may be asked to update your account information or to provide information for verification purposes: your Social Security number, your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother’s maiden name or your place of birth. If you provide the requested information, you may find yourself the victim of identity theft.
To learn more about identity theft and how to protect yourself, contact the Federal Trade Commission at 1-877-ID-THEFT (1-877-438-4338) or log onto www.ftc.gov/bcp/edu/microsites/idtheft//.
How to Avoid Getting Phished:
Be suspicious of any email with urgent requests for personal financial information unless the email is digitally signed (you can’t be sure it wasn’t forged or ‘spoofed’). Phishers typically: (1) include upsetting or exciting (but false) statements in their emails to get people to react immediately; (2) ask for confidential information such as usernames, passwords, credit card numbers, social security numbers, account numbers, etc.; and (3) do not personalize the email message (while valid messages from your credit union should be).
Don’t use the links in an email to get to any web page if you suspect the message might not be authentic. Instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser.
Avoid filling out forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website or the telephone.
Always ensure that you’re using a secure website when submitting credit card or other sensitive information via your Web browser. To make sure you’re on a secure Web server, check the beginning of the Web address in your browsers address bar – it should be https:// rather than just http://.
Consider installing a Web browser tool bar to help protect you from known phishing fraud websites.
Regularly log into your online accounts and don’t wait for as long as a month before you check each account.
Regularly check your financial institution, credit, and debit card statements to ensure that all transactions are legitimate. If anything is suspicious, contact GMFCU and any other financial institution(s) or card issuers you bank with.
- Ensure that your browser is up to date and security patches applied.
- Always report “phishing” or “spoofed” e-mails to the following groups:
- forward the email to firstname.lastname@example.org;
- forward the email to the Federal Trade Commission at email@example.com;
- forward the email to the company that is being spoofed.
When forwarding spoofed messages, always include the entire original email with its original header information intact; and notify the Internet Crime Complaint Center of the FBI by filing a complaint on their website:www.ic3.gov.