No Phishing Allowed! How to avoid being lured into a phishing scam
Identity thieves have taken up phishing! Phishing fraudsters use fake e-mails, text messages, phone calls, and even Web sites to fish for consumers’ sensitive personal information. The word "phishing" comes from the analogy that Internet scammers are using email, and more recently text messages, as lures to "fish" for passwords and financial data from the sea of Internet users. And unlike some other forms of identity theft where one’s personal information is stolen, in this swindle the victim unwittingly supplies the thieves with exactly what they need to leave the victim reeling from the resulting financial losses.
The FBI has called phishing one of the most troubling scams out there. Many large, reputable businesses and organizations, including the Federal Deposit Insurance Corporation (FDIC), the Internal Revenue Service (IRS) and the American Banker’s Association, have been fraudulently represented in this type of scam. Statistics complied by the Anti-Phishing Working Group reveal that although eBay is one of the most commonly hijacked brands, they also highlight the fact that the financial services industry is the most commonly targeted business sector.
In the typical phishing scam, you receive an e-mail or text message supposedly from a company or financial institution you may do business with or from a government agency. These messages can look quite convincing, with company logos and banners copied from actual Web sites and describe a reason you must “update,” "verify" or "re-submit" confidential information — such as bank account and credit card numbers, Social Security numbers, passwords and personal identification numbers (PINs) — using a return e-mail, a form linked from a “look-alike” Web site of the real business, or a pop-up message with the name and even the logo of the company or government agency.
Perhaps you are told that your bank account information has been lost, stolen, or that restrictions have been imposed on your account until you provide additional details. If you comply, the thieves hiding behind the seemingly legitimate Web site or e-mail can use the information to make unauthorized withdrawals from your bank account, pay for online purchases using your credit card, obtain credit, or even sell your personal information to other thieves.
Important: Once provided to us at account opening, we will never initiate contact with you and ask for your Social Security Number or bank account number(s). If you contact us, we may ask you to verify one or more as a means of identification, but we will never call or email you and ask for this information unsolicited. We advise you to never give out your Social Security Number or any account numbers to anyone that you have not initiated contact with first.
To avoid becoming a victim of a phishing scam, follow these important tips:
Never give out your personal financial information in response to an unsolicited phone call, fax, email or text message, no matter how official it may seem.
- Use extreme caution when clicking on links and attachments included in unsolicited emails or texts, even if they appear to be from someone you know or from a company with whom you do business. Identity theives often spoof messages that contain links directing you to false websites designed to trick you into providing your personal information, or may even include attachments that contain dangerous malware that downloads automatically or even unknowingly.
Do not respond to email or text messages that may warn of dire consequences unless you validate your information immediately. Contact the company to confirm the messages’s validity using a telephone number or Web address you know to be genuine.
Promptly review your bank account and credit card statements and look for unauthorized transactions, even small ones. Some thieves hope small transactions will go unnoticed. Investigate and report any discrepancies immediately.
When submitting financial information to a Web site, look for the padlock or key icon at the bottom of your browser, and make sure the Internet address begins with "https." This signals that your information is secure during transmission.
If you believe you have responded to a fraudulent message, contact your bank immediately so they can protect your account and your identity. In addition, call the three major credit bureaus (see Fraud Alert Hotlines) to request that a fraud alert be placed on your credit report.