There's a new
type of Internet piracy called "phishing." It's pronounced
"fishing," and that's exactly what these thieves are doing:
"fishing" for your personal financial information. What they
want are account numbers, passwords, Social Security numbers, and
other confidential information that they can use to loot your
checking account or run up bills on your credit cards.
worst case, you could find yourself a victim of identity theft.
With the sensitive information obtained from a successful phishing
scam, these thieves can take out loans or credit cards and even
driver's licenses in your name. They can do damage to your
financial history and personal reputation that can take years to
unravel. But if you understand how phishing works and how to
protect yourself, you can help stop this crime.
In a typical case, you'll receive an e-mail that appears to come
from a reputable company that you recognize and do business with,
such as your financial institution. In some cases, the e-mail
may appear to come from a government agency, including one of the
federal financial institution regulatory agencies.
will probably warn you of a serious problem that requires your
immediate attention. It may use phrases, such as "Immediate
attention required," or "Please contact us immediately about your
account." The e-mail will then encourage you to click on a
button to go to the institution's Web site.
phishing scam, you could be redirected to a phony Web site that may
look exactly like the real thing. Sometimes, in fact, it may
be the company's actual Web site. In those cases, a pop-up
window will quickly appear for the purpose of harvesting your
case, you may be asked to update your account information or to
provide information for verification purposes: your Social
Security number, your account number, your password, or the
information you use to verify your identity when speaking to a real
financial institution, such as your mother's maiden name or your
place of birth.
provide the requested information, you may find yourself the victim
of identity theft.
How to Protect
Never provide your personal information in response to an
unsolicited request, whether it is over the phone or over
the Internet. E-mails and Internet pages created by
phishers may look exactly like the real thing. They may
even have a fake padlock icon that ordinarily is used to denote
a secure site. If you did not initiate the communication,
you should not provide any information.
If you believe the contact may be legitimate,
contact the financial institution yourself.
You can find phone numbers
and Web sites on the monthly statements you receive from your
financial institution, or you can look the company up in a phone
book or on the Internet. The key is that you
should be the one to initiate contact, using contact information
that you have verified yourself.
Never provide your password over the phone or in
response to an unsolicited Internet request.
A financial institution
would never ask you to verify your account information online.
Thieves armed with this information and your account number can
help themselves to your savings.
Review account statements regularly to ensure all
charges are correct. If your account statement
is late in arriving, call your financial institution to find out
why. If your financial institution offers electronic
account access, periodically review activity online to catch
What to do if
you fall victim:
financial institution immediately and alert it to the situation.
If you have disclosed sensitive information in a phishing attack,
you should also contact one of the three major credit bureaus and
discuss whether you need to place a fraud alert on your file, which
will help prevent thieves from opening a new account in your name.
Here is the contact information for each bureau's fraud division:
800-525-6285 PO Box 740250
Atlanta, GA 30374
888-397-3742 PO Box 1017
Allen, TX 75013
800-680-7289 PO Box 6790
Fullerton, CA 92634
Report all suspicious contacts to the
Federal Trade Commission through the Internet at
or by calling 1-877-IDTHEFT
You Can Fight
Identity Theft - Here's How:
Never provide personal financial information, including your
Social Security Number, account numbers or passwords, over the
phone or the Internet if you did not initiate the contact.
Never click on the link provided in an email
you believe is fraudulent. It may contain a virus that
can contaminate your computer.
Do not be intimidated by an e-mail
or caller who suggests
dire consequences if you do not immediately provide or verify
If you believe the contact is legitimate,
go to the company's Web
site by typing in the site address directly or using a page you
have previously book marked, instead of a link provided in the
If you fall victim to an attack, act immediately
to protect yourself.
Alert your financial institution. Place fraud alerts on
your credit files. Monitor your credit files and account
Report suspicious e-mails or calls
to the Federal Trade
Commission through the Internet at
http://www.ftc.gov/bcp/edu/microsites/idtheft/ , or by calling 1-877-IDTHEFT