All internet users should be aware of the online scam known as “phishing” (pronounced fishing). Phishing involves the use of email messages that appear to come from your bank or another trusted business, but are actually from imposters.
Phishing e-mails typically ask you to click a link to visit a web site, where you are asked to enter or confirm personal financial information such as you account numbers, passwords, social security number or other data. Although these web sites may appear legitimate, they are not. Thieves can collect whatever data you enter and use it to access your personal accounts.
Other sites appear non-functional or temporarily out of service, this may be deceiving and in reality, the site may be downloading a virus and/or other ill-intended software to your computer.
How can I spot a phishing scam?
Here are some warning signs to look for.
- Language and tone - the message you receive may urge you to act quickly by suggesting that your account is threatened or will expire soon. It may say that if you fail to update, verify or confirm your personal account information, access to your accounts will be suspended. The wording may also be sloppy and contain misspellings and or grammatical errors.
- Requests for personal information - scam emails typically ask for personal account information such as:
- Account numbers and passwords
- Credit and check card numbers
- Social Security numbers
- Online banking user IDs and passwords
- Mother’s maiden name
- Date of birth
- Other confidential information
- E-mailed instructions to download software - do not install software downloads directly from e-mail messages, or from companies or web sites you do not recognize. When in doubt, contact the company directly.
- Non-secure web pages - Clever thieves can build a fake web site that looks nearly identical to an authentic one. They can even alter the URL (web address) that appears in your browser window address field on the top. Watch out for non-secure web pages that ask for sensitive information (secure sites will typically display a lock in the status bar at the bottom of your browser window).
How can I decrease my risk of being a phishing victim?
Here are some safety tips:
- Be suspicious of demanding messages - Messages threatening to terminate or suspend your account without your quick response should be treated as suspicious. A legitimate business should not request personal information from you over an unsecured web site.
- Be cautious of downloads - Installing unknown software on you computer can put your personal information at risk and potentially harm your computer’s hard drive.
- Always type in the URL of the web page you need - Phishing scams rely on embedded links that take you to fake web sites. It is safer to type your intended web address directly into your browser so you know you are visiting the legitimate site.
- Protect you password - Do not write down sensitive personal information such as your login ID, password or Social Security number.
- Keep you computer up-to-date - Industry best practices recommend that you install anti-virus and firewall programs to help keep your computer safe and that you keep updated with the latest Security improvements of your software providers.
General Security Tips
While anyone can fall prey to fraud and identity theft, many ways exist to minimize your risk. Here are some security tips so you can guard against fraud and identity theft:
Privacy
- Never give out personal information online or over the phone unless you have initiated the contact.
- Avoid using easily guessed or learned information for your online password
- Avoid writing down passwords
Personal Computer Security
One way a thief can get personal information about you is from your home computer. The following tips detail how you can add to the security of personal information on your home computer.
Passwords and User IDs
For each computer or online service you use, you should have a user ID and password. Try to create the most unique password, and protect it. Commit your password to memory and do not share it with anyone.
The following easily-identifiable items should be avoided when creating passwords:
- Your birth date or a family member’s birth date
- Names of family members or pets
- Social Security number
- Phone numbers
- Dates of important events, such as anniversaries
- Your login ID
Tips for creating strong passwords:
- Use a combination of numbers, letters and punctuation
- Longer passwords are better
- Make sure it is something you can remember without writing it down
Install and use Anti-Virus Programs
Install a firewall
E-mail Attachments
You should only open and read a message that passes the tests below:
- The know test – is the e-mail from someone you know?
- The received test – have you received e-mail from this person before?
- The expect test – were you expecting e-mail with an attachment from this sender?
- The sense test – does the e-mail subject make sense based on who is sending the email? Would you expect this type of attachment from this person?
- The virus test – does this e-mail contain a virus? To determine this, you need to install and use an anti-virus program.
