don't have to go dumpster-diving to get your personal
information, as they have found a more sophisticated way to lure
unsuspecting victims -- they go 'phishing'.
Phishing is a
high-tech scam that uses spam to deceive unsuspecting consumers
into disclosing their credit card numbers, bank account
information, Social Security number, passwords, and other
sensitive information. According to the Federal Trade
Commission (FTC), phishers send an email that claims to be from
a legitimate business or organization, and the message usually
asks that the recipient "update" or "validate" his or her
What is Phishing?
Phishing (pronounced “Fishing”) is an online fraud technique used by
criminals to entice you to disclose your personal information.
Phishers use many different tactics to lure you, including
e-mail and Web sites that mimic well-known, trusted brands.
of these fake messages are to trick consumers into providing the
- Name and
- Address and Phone Number
- Password or PIN
- Account Number
- Credit or Debit Card Number
- Card Validation Code (the 3-digit
number on the back of the card)
How can you tell if an e-mail message
is a fraud?
Requests for personal information
in an e-mail message.
Most legitimate businesses have a
policy that they do not ask you for your personal
information through e-mail. Be very suspicious of a message
that asks for personal information even if it might look
Phishing emails almost always try
to get you to respond to the message or to click the link
that is included. To increase the number of responses,
criminals attempt to create a sense of urgency so that
people immediately respond without thinking.
Usually, fake e-mail messages are
NOT personalized. For example: Dear valued
member, it has come to our attention that your account
information needs to be updated due to inactive member,
frauds, and spoof reports. Failure to update your
records will result in account deletion. Please follow
the link below to confirm you data.
Phishers are getting very sophisticated in their ability to
create misleading links to the point where it is impossible
for the average person to tell if the link is legitimate or
not. It's always best to type in the Web address of the
company that you trust, instead of using the link in the
email. The link you are urged to click might contain
all or part of a real company's name and can be "masked,"
meaning that the link you see does not take you to that
address but somewhere different, usually a faked Web site.
using an @ sign
of URLs that include the @ sign. The URL would take
you to the location that comes after the @ sign, not to your
trusted site. This is because browsers ignore anything in the
URL that comes before the @ sign when deciding which site to open.
message body is an image
To avoid detection by spam
filters, fake e-mail messages used in phishing schemes often
use an image instead of text in the message body. The
message body image is usually a link to a Web page.
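The three link tricks described above (masked links, the @ sign, and an image used as the link) can be checked mechanically. The following Python sketch is an added example, not part of the original page; the function names, the sample message, and the hosts www.bank.example, updates.other.example and 203.0.113.7 are all made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Record href, visible text and image use for each <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = {"href": dict(attrs).get("href") or "", "text": "", "image": False}
        elif tag == "img" and self._cur is not None:
            self._cur["image"] = True
    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def host_of(url):
    """Host actually contacted; anything before '@' is login data, not the host."""
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()

def check_links(html):
    """Return (href, reasons) for each link showing one of the warning signs."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for link in parser.links:
        href, text, reasons = link["href"], link["text"].strip(), []
        if urlsplit(href).username is not None:  # '@' present in the address part
            reasons.append("@ in address: real host is " + host_of(href))
        # Visible text that itself looks like a Web address but names another host
        if text.lower().startswith(("http://", "https://", "www.")) and host_of(text) != host_of(href):
            reasons.append("masked: shows " + host_of(text) + ", goes to " + host_of(href))
        if link["image"] and not text:  # picture instead of text as the link
            reasons.append("image-only link")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample message body; all hosts are documentation placeholders
SAMPLE = (
    '<a href="http://www.bank.example@203.0.113.7/login">Update now</a>'
    '<a href="http://updates.other.example/update">www.bank.example</a>'
    '<a href="http://203.0.113.7/"><img src="notice.png"></a>'
    '<a href="https://www.bank.example/help">https://www.bank.example/help</a>')
```

Calling check_links(SAMPLE) reports the first three links and passes the fourth, whose visible address and real destination agree.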
Many phishing schemes ask you to
open attachments, which can then infect your computer with a
virus or spyware. If spyware is downloaded to your
computer, it can then record the keystrokes you use to log
into your personal online accounts and then send that
information back to the criminal. So be sure not to
open attachments in suspicious e-mail messages. Any
attachment that you want to view should be saved first, and
then scanned with an up-to-date antivirus program before you
that seem too good to be true
sense and be suspicious when you are offered money or
discounts that seem too good to be true.
and poor grammar
Since many fraudulent emails are
mass produced, there is a good chance you will find
misspellings and poor grammar. A legitimate business
will usually check these items before sending an email to