Email / Web Scams

Protect Yourself from Phishing

Phishing attacks use 'spoofed' emails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers, and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.

What Consumers Can Do To Protect Themselves

  • Treat email requests for financial information or other personal data with suspicion. Do not reply to the email or respond by clicking on a link within the email message.
  • Contact the actual business that supposedly sent the email to verify if it is genuine. Call a phone number or visit a website that you know to be legitimate.
  • Be cautious and check your monthly statements to verify all transactions. Notify your bank immediately of any erroneous or suspicious transactions.
  • Report suspicious emails to the Federal Trade Commission (FTC).

Who Is Taking The Bait

Hundreds of consumers are finding themselves the victims of a high-tech scam known as "phishing." It involves fraudsters who hide behind the anonymity of the Internet and pretend to be a legitimate financial institution or credit card company. The fraudsters send out "official-looking" emails designed to trick consumers into divulging financial and personal information such as account numbers, passwords, user names, Social Security Numbers, and other sensitive data.

Most of the email messages claim there is an account problem or warn of a possible account fraud threat. In many cases, the email also includes a link to a fake website that has been set up to mimic the legitimate online business. Either way-the whole idea is to convince the consumer there is an immediate need to update their financial information.

Many of those who receive spammed email do not have accounts or customer relationships with the legitimate business that the emails purport to come from. This is because the fraudsters who sent them most likely used a "spamming" (mass emailing) technique to reach thousands of people. They are counting on the fact that some email recipients will have an account or customer relationship with the legitimate company, and that they will believe the email has come from a trusted source.

How Stolen Data Is Being Used

Those who respond to phishing emails and turn over the requested financial or personal information may be putting their accounts and financial status at risk in the following ways:

  • Phishing fraudsters can use the email data received from a recipient to access existing bank card accounts to withdraw money or buy expensive merchandise or services.
  • They can also use the data to open new bank or credit card accounts in the victims' names and use the new account to buy merchandise or get a cash advance. If the phishing fraudster opens new accounts with the victims' names, but uses an address other than that of the victim, the crime can be classified as identity theft.
  • In addition, a phishing scheme can involve the use of computer viruses and worms to disseminate the phishing emails to still more people.

Reporting Criminal Information

If you believe you are a recipient of a possible phishing email, send copies of the email to the Federal Trade Commission email account and the Anti Phishing Working group email account.

If you believe you have been a victim of a phishing crime, file an online complaint with the Internet Crime Complaint Center (a joint project of the FBI and the National White Collar Crime Center.) For more information about phishing, read the Federal Trade Commission's publication, "How Not to Get Hooked by a 'Phishing' Scam."