How Not to Get Hooked by a ‘Phishing’ Scam

Internet scammers casting about for people’s financial information have a new and growing way to lure unsuspecting victims: They go “phishing.”

Phishing is a high-tech scam that uses fake email messages or pop-up messages to deceive you into providing personal financial information such as your credit card numbers, bank account information, Social Security number, or passwords.  The scammers use the information to run up bills or commit crimes in your name.

These phony messages often contain a notification that your account needs to be updated or validated—often for security reasons.  They often threaten serious consequences if you don’t respond. Some of these phony messages claim to be from a business or organization that you deal with and even feature logos and design elements that appear to be legitimate.  Often the recipients are instructed to click on a link that will direct them to a web page that looks legitimate.

Tips to Avoid Getting Hooked

The U.S. Federal Trade Commission (FTC) suggests these tips to help you avoid getting hooked by a phishing scam:

• If you get an email or pop-up message that asks you for personal or financial information, do not reply or click on the link in the message.  Legitimate companies don’t ask for this information by email. If you are concerned about your account, call the company listed in the email using a telephone number you know is genuine.
• Never email personal or financial information.  Email is not secure for this purpose.
• Review credit card and bank account statements as soon as you receive them to determine if there are any unauthorized charges.
• Use anti-virus software and keep it up to date.  Some phishing emails contain software that can harm your computer or track your activities on the Internet without you knowing it.
• Maintain a firewall that helps make you invisible on the Internet, especially if you have a broadband connection. 
• Regularly update your computer operating system with free patches to close holes that make you vulnerable to hackers or phishers.
• Be cautious in opening attachments or downloading files from email regardless of who sent them.

Reporting Deceptive Email

If you get a spam that is phishing for information, forward it to spam@uce.gov.   The  FTC uses the spam stored in this database to pursue legal action against people who send deceptive email.

If You Have Been Scammed

If you believe you have been scammed, file a complaint with the FTC at www.ftc.gov.  Then visit the FTC’s Identity Theft Website at www.consumer.gov/idtheft for tips on how to minimize the damage.

For more information on how to avoid email scams and deal with deceptive email, visit website www.ftc.gov/spam.

Source:  “How Not to Get Hooked by a ‘Phishing’ Scam,” Federal Trade Commission.