What is a "phishing" e-mail?
"Phishing" is a term used to describe fraudulent e-mail designed to steal your identity. These imposter e-mails may appear to come from reputable companies, but are actually from thieves masquerading as legitimate businesses. The e-mail will ask you to disclose, on a phony Web site or in a phony dialog box, personal information, such as your passwords, user names, credit card information, account data or Social Security number. The thieves then steal that personal information to harm your good name. Depending on the information you may have provided, they can access your accounts, open new ones, steal your funds and even commit crimes-all in your name.
How the thieves steal your personal information.
Phishing e-mails typically suggest that if you do not update your personal information, your account will be closed. The e-mail instructs you to click on a link that redirects you to a fake Web site. These "spoofed" sites look official and include logos and fonts used by the companies they imitate.
Look for these warning signs:
- Urgent tone. The message urges you to "act quickly" or your account will be closed.
- Spelling and grammatical errors. The wording may be sloppy and contain typographical errors and misspellings.
- Request for financial information. They often ask for your e-mail address and password, first and last names, credit card numbers, bank account numbers, account PIN numbers and Social Security numbers.
- Fake Web address. An "@" symbol in a Web site address may indicate that the source might be imitating a company or person (For example: firstname.lastname@example.org is fake). Often, the link will have a valid address displayed but actually take you to a completely different, fraudulent site. NEVER CLICK ON ANY LINKS IN ANY EMAILS ASKING YOU TO UPDATE OR PROVIDE INFORAMATION. Companies will NEVER ask for your passwords or other information in an email.
- Non-secure Web pages. Their sites and URL may look like official company sites, but they are not. Watch out for non-secure Web pages that ask for sensitive information. Secure sites use encryption technology to protect your information. They display a locked padlock at the bottom of your browser and add an "s" after http in the address bar.
- If it sounds too good to be true, it probably is. Scam artists can paint attractive pictures of "valuable offers" and "great deals." Odds are, they're just looking for other ways to access your valuable personal information.
What can you do to help protect yourself?
- Be suspicious. Messages threatening to terminate or suspend your account without your quick response should be treated as suspicious. Also, be wary of clicking on links in e-mail messages. Always type in the URL of the Web page you want. Phishing scam e-mails include a link that takes you to a fake Web site.
- Scroll over the URL. If you move your mouse over the URL and numbers or a different URL appear, it's probably fraudulent.
- Keep your account up to date. Legitimate businesses, including Microsoft and MSN, will not ask for personal information via e-mail.
What if you've received a suspicious phishing e-mail?
Do NOT click any links in the email. If you have a question about your account, email the company directly.
What if you've been a victim of a phishing scam?
If you feel your personal information has been jeopardized:
- Close any accounts accessed or opened fraudulently.
- Change the passwords and PINs on all of your online accounts.
- File a report with your local police department or wherever the subsequent identity theft occurred.
- Contact each of the three major U.S. credit bureaus and place a fraud alert on your credit reports: Equifax: 1-800-525-6285, Experian: 1-888-397-3742, TransUnion: 1-800-680-7289