Phishing

A scammer may decide the easiest way to get the information they want is to simply ask you for it while posing as a company, government agency, or even a non-profit. This practice is known as phishing. Scammers gain your trust by looking official – perhaps even using familiar logos and email formats that look like genuine correspondence. They may try to frighten you with warnings about fines, disruption of services, closing accounts, or even by saying your accounts have been hacked.

The senders are phishing for your information so they can use it to commit fraud. Area codes can mislead, too. Some scammers ask you to call a phone number to update your account or access a "refund." It can seem secure, but a local area code doesn’t guarantee that the caller is local.

Type of Phishing and Warning Signs

Phone call Phishing

Warning signs to look out for:

  1. A phone call from “your credit card company” or “financial institution”, typically from someone who works in the “Security and Fraud Department”
  2. You are told your card has been flagged for suspicious transactions and you need to prove that you have the card in your possession
  3. You are asked to provide the three-digit security code on the back of your payment card, a one-time passcode that was just sent to you, or your PIN

Email Phishing

Warning signs to look out for:

  • Spelling and grammar errors in the subject line or body of the email
  • Deadline. Sometimes scammers will include a deadline and threaten account suspension to add urgency to override your normal sense of caution
  • The email address doesn’t match the organization (i.e., irs.net or amazon.mil)
  • The email does not address you by name
  • No contact information. If something feels suspicious, contact your financial institution directly using the phone number on the back of your card
  • Suspicious requests. Visa, like other financial institutions, does not contact cardholders to request their personal account information
  • Suspicious hyperlinks. Avoid clicking on hyperlinks if possible. A single click can cause your computer to become infected with malware

Text Message Phishing

Warning signs to look out for:

  • There’s a link instead of a phone number to call
  • The text you receive may not contain the name of the bank or any other information
  • The text requests that you log in to your bank account to verify a transaction, enter your PIN, or provide your 3-digit CVV code

Website Phishing

Warning signs to look out for:

  • There’s something slightly off about the web address or the actual page. Look for misspelled words, substitutions or updated logos
  • An unusual pop-up on the site that requests that you enter your account information
  • There are HTML links that don’t match their destination

Social Media Phishing

Warning signs to look out for:

  • A friend request from someone you don’t know
  • A post asking you to click on a link that requests personal information

How to Deal with Phishing Scams

  • Delete email and text messages that ask you to confirm or provide personal information (credit card and bank account numbers, Social Security numbers, passwords, etc.). Legitimate companies don't ask for this information via email or text.
  • Don’t reply, and don’t click on links or call phone numbers provided in the message, either. These messages direct you to spoof sites – sites that look real but whose purpose is to steal your information so a scammer can run up bills or commit crimes in your name.
  • If you’re concerned about your account or need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.

Avoid A Phishing Attack

  • Use trusted security software and set it to update automatically. In addition, use these computer security practices.
  • Don't email personal or financial information. Email is not a secure method of transmitting personal information.
  • Only provide personal or financial information through an organization's website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the "s" stands for secure). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
  • Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances.
  • Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer's security.

Report Phishing Emails

Forward phishing emails to spam@uce.gov – and to the company, bank, or organization impersonated in the email. You also may report phishing email to reportphishing@antiphishing.org. The Anti-Phishing Working Group, a group of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.

File A Complaint With The FTC: File an identity theft complaint with the FTC online at http://ftc.gov/idtheft or by phone at 1.877.438.4338. Take your completed FTC identity theft affidavit to your local police, or the police where the theft occurred, to file a police report. Get a copy of the police report or the report number. Your FTC identity theft affidavit plus your police report makes an Identity Theft Report. Send copies to companies where you report fraud. Ask them to remove or correct fraudulent information in your accounts.