Protect Yourself: Online Phishing

What would you do if you received an e-mail from your bank asking you to go to its website and update your account information? The message looks authentic--it's even got the bank's logo. If you're smart, don't do it! In all likelihood, this seemingly innocent request is really from a cyber-thief looking to steal your personal--and valuable--financial information.

This unscrupulous practice, known as phishing, is a high-tech way to lure you into revealing your bank accounts, passwords, credit card numbers, PIN codes and other sensitive data. Armed with this private information, your identity, and then your money, can be stolen.

How it Works

Phishers target consumers by sending them e-mail messages from well-known companies such as PayPal, eBay, Citibank, and AOL that appear legitimate. Take a look at this message that we received:

Even though it resembles a message that could have been sent from PayPal, including the e-mail header, there's one crucial difference: The link doesn't go to Paypal's site. It links to a phony site controlled by criminals. Look at the web address we've highlighted below. It spoofs Paypal's address, but in reality, it has nothing to do with it.

Once you enter the requested information--these brazen thieves ask for everything from your credit card number to your driver's license and your mother's maiden name--they can access all yours accounts and rob you blind. The same scam can be used with any financial site, no matter how real it looks.

By the way, did you notice how the message claims that updating your account will help you avoid future problems. Sneaky, huh? And don't be fooled by the threat to terminate your account if you fail to reply by a certain date. This is just another way to trick you into responding quickly.

In the real world, you wouldn't reveal private financial information to anyone who asks, so don't do it online either. Here's how to avoid becoming a victim:

1. DO NOT respond to these e-mail requests. If you have questions, telephone the company and talk to a customer service representative. (Don't use the number on the e-mail--it too, could be fake.)
2. Never transmit sensitive information in an e-mail.
3. If you want to check or update your account information, do it by going directly to the company website. Type the address into your web browser. Remember, DO NOT click on a link in an e-mail message.
4. Whenever you transmit sensitive data online, make sure the website is secure. A closed lock icon will appear at the bottom of your web browser. Also the web address will begin with https. (Notice the "s,"short for "secure.")
   
   
5. If you receive a suspicious message, file a complaint by e-mailing the Federal Trade Commission or contacting the Anti-Phising Working Group.

Get Off the Hook

If you think you've been caught off-guard, don't feel embarrassed, take action immediately by doing the following:

1. Check your financial accounts to see if there's been unauthorized access.
2. If there is, report it immediately to the company in question, such as PayPal, eBay, the credit card issuer or bank.
3. Close your account and open a new one.
4. If you suspect that your identity has been stolen, file a police report and make a report with credit bureaus like Equifax.
5. For more detailed information and action, visit IdentityTheft.org and PrivacyRights.org.

Finally, you may wonder why this deceptive scheme is called phishing. As every angler knows, you need bait to catch a fish. In the electronic ocean of information, an e-mail message becomes the bait. Since hackers commonly substitute "ph" for "f," phishing is the practice of luring personal data with phony e-mail.

Tip

The recent releases of Internet Explorer, Firefox and Navigator have anti-phishing software built into the web browser, which alerts you when you attempt to access a suspicious website.

Internet Explorer 7 Download - click here

Mozilla Firefox Download - click here