Phishing Scams - What They Are and How to Avoid Them
What is a Phishing Email?
term "phishing" – as in fishing for confidential information - refers to
a scam that encompasses fraudulently obtaining and using an
individual's personal or financial information. This is how it works:
- A consumer receives an e-mail that appears to originate from a financial institution, government agency, or other well-known/reputable entity.
- The message describes an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message. f
- The provided link appears to be the Web site of the financial institution, government agency or other well-known/reputable entity, but in "phishing" scams, the Web site belongs to the fraudster/scammer.
- Once inside the fraudulent Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth.
- When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity.
What should you do if you get one?
- Always consider the intent of an e-mail before trusting the claims and requests the sender makes. If the email asks you to give out personal information, or if it asks you to send or wire money or if any part of it sounds suspicious, do not click on any links, do not download any attachments, do not call any phone numbers listed and most importantly, do not respond or fulfill their requests.
- If you’re concerned about your account or need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.
- If you suspect an e-mail or Web site is fraudulent, report this information to the real bank, company, government agency, or individual using a phone number from a reliable source. If your bank's Web page looks different or unusual, contact the institution directly to confirm that you haven't landed on a copycat Web site set up by criminals. Also, contact the Internet Crime Complaint Center (www.ic3.gov), a partnership between the FBI and the National White Collar Crime Center.
- Forward phishing emails to firstname.lastname@example.org – and to the company, bank, or organization impersonated in the email. You also may report phishing email to email@example.com. The Anti-Phishing Working Group, a group of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
you suspect that you have been a victim of identity theft, perhaps
because you submitted personal information in response to a suspicious,
unsolicited e-mail or you see unauthorized charges on your credit card,
immediately contact your financial institution. Also contact
- the police and request a copy of any police report or case number for later reference
- call the three major credit bureaus (Equifax at 800-525-6285, Experian at 888-397-3742 and TransUnion at 800-680-7289) to request that a fraud alert be placed on your credit report.
- File a report with the Federal Trade Commission at www.ftc.gov/complaint.
- Visit the FTC’s Identity Theft website. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.
- Delete emails from your computer after reporting them to the appropriate agencies.
How to Avoid a Phishing Attack:
- Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer's security.
- Use Security Software That Updates Automatically - Ways to attack your computer are constantly being developed, so your security software must be up-to-date. Most security software can update automatically; set yours to do so. You can find free security software from well-known companies. Also, set your operating system and web browser to update automatically. If you let your operating system, web browser, or security software get out-of-date, criminals could sneak their bad programs – malware – onto your computer.
- Treat Your Personal Information Like Cash - Don’t hand it out to just anyone. Your Social Security number, credit card numbers, and bank and utility account numbers can be used to steal your money or open new accounts in your name. Don't email personal or financial information. Email is not a secure method of transmitting personal information.
- Check Out Companies to Find Out Who You’re Really Dealing With - When you’re online, a little research can save you a lot of money. If you see an ad or an offer that looks good to you, take a moment to check out the company behind it. Type the company or product name into your favorite search engine with terms like “review,” “complaint,” or “scam.” If you find bad reviews, you’ll have to decide if the offer is worth the risk. If you can’t find contact information for the company, take your business elsewhere. Don’t assume that an ad you see on a reputable site is trustworthy. The fact that a site features an ad for another site doesn’t mean that it endorses the advertised site, or is even familiar with it.
- Give Personal Information Over Encrypted Websites Only - If you’re shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for https at the beginning of the web address (the “s” is for secure). Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, the entire account could be vulnerable.
- Protect Your Passwords -
- The longer the password, the tougher it is to crack
- Mix letters, numbers, and special characters. Try to be unpredictable – don’t use your name, birthdate, or common words.
- Don’t use the same password for many accounts. If it’s stolen from you – or from one of the companies with which you do business – it can be used to take over all your accounts.
- Don’t share passwords on the phone, in texts or by email. Legitimate companies will not send you messages asking for your password. If you get such a message, it’s probably a scam.
- Keep your passwords in a secure place, out of plain sight.
- Back Up Your Files - No system is completely secure. Copy important files onto a removable disc or an external hard drive, and store it in a safe place. If your computer is compromised, you’ll still have access to your files.
- Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances.
Keep in Mind:
- FineMark and other legitimate businesses do not issue unsolicited e-mails to consumers or business account holders. It is important to note that FineMark will never ask for personal or confidential information in this manner.
- Don't reply to email, text, or pop-up messages that ask for your personal or financial information. Don’t click on links within them either – even if the message seems to be from an organization you trust. It isn’t. Legitimate businesses don’t ask you to send sensitive information through insecure channels.
If you have questions about this article or anything on our website or anything related to phishing scams, please call your office or our toll-free number: 877-461-5901 and we would be happy to help.
Creating a Strong Password
The Key to Keeping your Online Account Information Secure
Having a strong password is key to account security. Most of us have significant financial and personal information that's readily accessible through the Web, in most cases protected by nothing more than a username and password. Given the damage that can result from unauthorized access to this treasure trove of information, it makes sense to pay attention to a few simple common-sense rules that apply to online passwords.
Don't share your username or password with anyone, for any reason. Also, just as you wouldn't shout your password out for all to hear, don't make it easy for others to see you entering your password or PIN.
Use strong passwords. Your password should never be a word that can be found in a dictionary. It’s better to use a combination of numbers, upper- and lower-case letters, and symbols. Your password also shouldn't contain personal information that's easy to guess, i.e. pet names, children, birthdays or phone numbers. The tradeoff, of course, with such "strong" passwords is that they're not always easy to remember and you may find yourself breaking the next rule.
Don't write down your passwords. Imagine the consequences if your password list were to fall into the wrong hands. If you still feel the need to write down your passwords, keep them in a safe, locked place away from your desk or computer. You may also want to consider a password manager program or application. These programs encrypt your login and password information and you only need to memorize one password: the one that lets you access the password manager.
Use different passwords for different accounts. When you spend the time coming up with a strong password that you can remember, there's an overpowering temptation to use that same password everywhere you can. Bad idea. You should always try to use a different username and password with each account. The danger in using the same username and password for everything is that if one of your accounts is compromised, all of your accounts are at risk. And change your password periodically; change it immediately if you see any suspicious activity in your account.
Don't let your guard down. Good password practices and a little common sense can go a long way in protecting you from cyberthieves. The key is to avoid common mistakes, educate yourself on basic Internet security practices, and stay on top of things by regularly checking your accounts. The time and effort you'll spend today implementing effective passwords is nothing compared to the problems you'll face if you find that you're not the only one with access to your accounts.
FineMark offers great online services from online banking to bill pay. We strongly encourage our clients to keep their accounts secure by taking all necessary precautions. If you are having trouble with online banking, bill pay or if you would like more tips on how to keep your important information secure - call us. We are always here to help.