Phishing involves the use of e-mail messages that
appear to come from your bank or another trusted business in an attempt
to scam the user into surrendering private information that will be used
for identity theft. The phishing e-mail typically asks you to click a link
to visit a Web site, where you are asked to update personal information,
such as passwords and credit card, social security, and bank account numbers.
How to spot a phishing scam
Scammers have become increasingly sophisticated in creating
fraudulent emails and Web sites that look authentic. These emails and
Web sites often appear to be from legitimate companies and include images
and logos of these organizations. Following are signs that indicate the
email may not be legitimate.
A. Sender's Email Address
Spoof email may include a forged email address in the "From"
line - Some may actually be real email addresses that have been
B. Email Greeting
Many Spoof emails will begin with a general greeting such as "Dear
Washington Mutual customer"
Claims that your account may have been accessed by an unauthorized
D. Account Status Threat
Most Spoof emails try to deceive you with the threat that your account
is in jeopardy and if you fail to update, verify or confirm your
personal or account information, access to your accounts will be
E. Links in an Email
While many emails have links included, and ask you to restore your
account access, just remember that these links can be forged too.
Requests that you enter sensitive personal information such as a User ID, password
or bank account number by clicking on a link or completing a form within the
email are a clear indicator of a Spoof email.
How to spot a fake web site
Take a look at the example on the right. Often,
the link in the email will not match up with the URL of the site
it takes you to.
G. Legitimate Web Addresses
Legitimate Web sites maintain current certificates
for secure pages. To authenticate the site's secure Web page, follow
- Look for the padlock in the lower right (Internet
Explorer) or left (Netscape) corner of your browser window;
- and look in the address window above, the letters
https:// should appear in front of the address of the form screen
(instead of the non-secure http:// address).
- On the secure Web page, click on the File menu
and go to Properties.
- Click on the button at the bottom of the screen
called 'Certificates' - it should include the Web address (URL)
with which the security certificate was issued and the validity
Protecting your account
These protection practices can be applied to your bank
account, your ISP account and virtually any other online account you hold.
Here are some tips on how to protect your account and
what to do if you think you may have responded to a Spoof email:
- Be suspicious of demanding
messages. Messages threatening to terminate or suspend your account
without your quick response should be treated as suspicious.
- Be cautious of downloads.
Installing unknown software on your computer can put your personal information
at risk and potentially harm your computer’s hard drive.
- Scan for Viruses Frequently.
Scan your computer for viruses and make sure your virus software, operating
system, and browser patches are up to date.
- Vigilance Is the Best Line
of Defense. You should periodically check your account status
to see if there is any suspicious activity.
- Change Your Password Frequently.
If you think your account security may have been breached, change your
account password immediately.
- Make Your Password Unique.
To prevent someone accessing multiple accounts, it is effective to have
different passwords for each account. Also, a good password will include
a combination of letters and numbers - this makes it more difficult
for people to guess the password.
- Contact Your Bank and Credit
Card Company. If you think you entered your personal financial
information into a spoof site, contact your bank and credit card company