What is phishing?

Email Phishing scams are carried out online by tech-savvy con artists and identity theft criminals. They use spam, fake websites constructed to look identical to real sites, email and instant messages to trick you into divulging sensitive information, like bank account passwords and credit card numbers. Once you take the phisher's bait, they can use the information to create fake accounts in your name, ruin your credit, and steal your money or even your identity.

How do phishing scams find me?

This style of identity theft is extremely widespread because of the ease with which unsuspecting people share personal information. Phishing scams often lure you with spam email and instant messages requesting you to "verify your account" or "confirm your billing address" through what is actually a malicious Web site. Be very cautious. Phishers can only find you if you respond.

What can email phishing scams do to me?

After you've responded to a phishing scam, the attacker can:

  • Hijack your usernames and passwords
  • Steal your money and open credit card and bank accounts in your name
  • Request new account Personal Identification Numbers (PINs) or additional credit cards
  • Make purchases
  • Add themselves or an alias that they control as an authorized user so it's easier to use your credit
  • Obtain cash advances
  • Use and abuse your Social Security number
  • Sell your information to other parties who will use it for illicit or illegal purposes

How will I know?

Phishers often pretend to be legitimate companies. Their messages may sound genuine and their sites can look remarkably like the real thing. It can be hard to tell the difference, but you may be dealing with a phishing scam if you see the following:

  • Requests for confidential information via email or instant message
  • Emotional language using scare tactics or urgent requests to respond
  • Misspelled URLs, spelling mistakes or the use of sub-domains
  • Links within the body of a message
  • Lack of a personal greeting or customized information within a message. Legitimate emails from banks and credit card companies will often include partial account numbers, user name or password.

How can I get phishing protection?

When you arm yourself with information and resources, you're wiser about computer security threats and less vulnerable to phishing scam tactics. Take these steps to fortify your computer security and get better phishing protection right away:

  • Do not provide personal information to any unsolicited requests for information
  • Only provide personal information on sites that have "https" in the web address or have a lock icon at bottom of the browser
  • If you suspect you've received phishing bait, contact the company that is the subject of the email by phone to check that the message is legitimate
  • Type in a trusted URL for a company's site into the address bar of your browser to bypass the link in a suspected phishing message
  • Use varied and complex passwords for all your accounts
  • Continually check the accuracy of personal accounts and deal with any discrepancies right away
  • Avoid questionable Web sites
  • Practice safe email protocol:
    • Don't open messages from unknown senders
    • Immediately delete messages you suspect to be spam
  • Use antivirus protection and a firewall
  • Get antispyware software protection