E-mail phishing attacks are attempts by criminals to gain access to your personal information. Criminals send spam e-mails hoping for someone to believe their message. These e-mails and websites usually look trustworthy and convincing but any information you enter into them goes directly to the criminal. Here are some ways to avoid phishing:
- Don't click on links within e-mails that ask for your personal information - Fraudsters use these links to lure people to phony websites that look just like the real site of the company, organization or agency they're impersonating. If you follow the instructions and enter your personal information, you'll deliver it directly into the hands of identity thieves. A trustworthy organization will never request sensitive information by email.
- Protect your computer with spam filters, anti-virus and anti-spyware software, a firewall and keep them up to date - A spam filter can help reduce the number of phishing emails you get. Anti-virus software (which scans incoming messages for troublesome files) and anti-spyware software (which looks for programs that have been installed on your computer and track your online activities without your knowledge) can protect you against pharming and other techniques that phishers use. Pharming is an attempt to redirect traffic to another website other than the one you're trying to reach. Firewalls prevent hackers and unauthorized communications from entering your computer - which is especially important if you have a broadband connection. Look for programs that offer automatic updates and take advantage of free patches that manufacturers offer to fix newly discovered problems.
- If someone contacts you and says you've been a victim of fraud, verify the person's identity before you provide any personal information - Legitimate credit card issuers may contact you if there is an unusual pattern indicating that someone else might be using one of your accounts. Usually they ask only if you made particular transactions; they don't request your account number or other personal information. Law enforcement agencies might also contact you if you've been the victim of fraud. To be safe, ask for the person's name, the name of the agency or company they're with, their telephone number and their address. Get the main number from the phone book, the Internet, or directory assistance, then call to find out if the person is legitimate.
- Act immediately if you believe your information may have been compromised - If you believe you have provided account numbers, PINS, or passwords to a phisher, notify the companies with whom you have the accounts right away. For information about how to put a "fraud alert" on your files at the credit reporting bureaus and other advice for identity theft victims, contact the Federal Trade Commission's ID Theft Clearinghouse, or (877) 438-4338
- Report phishing, whether you're a victim or not - Tell the company or agency that the phisher was impersonating. You can also report the problem to law enforcement agencies through the National Consumer League's Fraud Center. The information you provide helps to stop identity theft.
More than ever, criminals are targeting smaller organizations because more consumers recognize and trust local brands. Be cautious, suspicious and aware of what information e-mails are requesting.
For more information, see how you can Protect Your Computer for unwanted outside sources by taking just a few small steps.