Phishing Scams and How to Avoid Them
What is a Phishing Email?
The term "phishing" – as in fishing for confidential information - refers to a scam that encompasses fraudulently obtaining and using an individual's personal or financial information. This is how it works:
- A consumer receives an e-mail that appears to originate from a financial institution, government agency, or other well-known/reputable entity.
- The message describes an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message. f
- The provided link appears to be the Web site of the financial institution, government agency or other well-known/reputable entity, but in "phishing" scams, the Web site belongs to the fraudster/scammer.
- Once inside the fraudulent Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth.
- When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity.
What should you do if you get one?
- Always consider the intent of an e-mail before trusting the claims and requests the sender makes. If the email asks you to give out personal information, or if it asks you to send or wire money or if any part of it sounds suspicious, do not click on any links, do not download any attachments, do not call any phone numbers listed and most importantly, do not respond or fulfill their requests.
- If you’re concerned about your account or need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.
- If you suspect an e-mail or Web site is fraudulent, report this information to the real bank, company, government agency, or individual using a phone number from a reliable source. If your bank's Web page looks different or unusual, contact the institution directly to confirm that you haven't landed on a copycat Web site set up by criminals. Also, contact the Internet Crime Complaint Center (www.ic3.gov), a partnership between the FBI and the National White Collar Crime Center.
- Forward phishing emails to email@example.com – and to the company, bank, or organization impersonated in the email. You also may report phishing email to firstname.lastname@example.org. The Anti-Phishing Working Group, a group of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
- If you suspect that you have been a victim of identity theft, perhaps because you submitted personal information in response to a suspicious, unsolicited e-mail or you see unauthorized charges on your credit card, immediately contact your financial institution. Also contact
- the police and request a copy of any police report or case number for later reference
- call the three major credit bureaus (Equifax at 800-525-6285, Experian at 888-397-3742 and TransUnion at 800-680-7289) to request that a fraud alert be placed on your credit report.
- File a report with the Federal Trade Commission at www.ftc.gov/complaint.
- Visit the FTC’s Identity Theft website. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.
- Delete emails from your computer after reporting them to the appropriate agencies.
How to Avoid a Phishing Attack:
- Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer's security.
- Use Security Software That Updates Automatically - Ways to attack your computer are constantly being developed, so your security software must be up-to-date. Most security software can update automatically; set yours to do so. You can find free security software from well-known companies. Also, set your operating system and web browser to update automatically. If you let your operating system, web browser, or security software get out-of-date, criminals could sneak their bad programs – malware – onto your computer.
- Treat Your Personal Information Like Cash - Don’t hand it out to just anyone. Your Social Security number, credit card numbers, and bank and utility account numbers can be used to steal your money or open new accounts in your name. Don't email personal or financial information. Email is not a secure method of transmitting personal information.
- Check Out Companies to Find Out Who You’re Really Dealing With - When you’re online, a little research can save you a lot of money. If you see an ad or an offer that looks good to you, take a moment to check out the company behind it. Type the company or product name into your favorite search engine with terms like “review,” “complaint,” or “scam.” If you find bad reviews, you’ll have to decide if the offer is worth the risk. If you can’t find contact information for the company, take your business elsewhere. Don’t assume that an ad you see on a reputable site is trustworthy. The fact that a site features an ad for another site doesn’t mean that it endorses the advertised site, or is even familiar with it.
- Give Personal Information Over Encrypted Websites Only - If you’re shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for https at the beginning of the web address (the “s” is for secure). Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, the entire account could be vulnerable.
- Protect Your Passwords -
- The longer the password, the tougher it is to crack
- Mix letters, numbers, and special characters. Try to be unpredictable – don’t use your name, birthdate, or common words.
- Don’t use the same password for many accounts. If it’s stolen from you – or from one of the companies with which you do business – it can be used to take over all your accounts.
- Don’t share passwords on the phone, in texts or by email. Legitimate companies will not send you messages asking for your password. If you get such a message, it’s probably a scam.
- Keep your passwords in a secure place, out of plain sight.
- Back Up Your Files - No system is completely secure. Copy important files onto a removable disc or an external hard drive, and store it in a safe place. If your computer is compromised, you’ll still have access to your files.
- Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances.
Keep in Mind:
- FineMark and other legitimate businesses do not issue unsolicited e-mails to consumers or business account holders. It is important to note that FineMark will never ask for personal or confidential information in this manner.
- Don't reply to email, text, or pop-up messages that ask for your personal or financial information. Don’t click on links within them either – even if the message seems to be from an organization you trust. It isn’t. Legitimate businesses don’t ask you to send sensitive information through insecure channels.
If you have questions about this article or anything on our website or anything related to phishing scams, please call your office or our toll-free number: 877-461-5901 and we would be happy to help.
Prepared by Broadridge Investor Communication Solutions, Inc. Copyright 2011-2014.