Phishing is a criminal attempt to solicit your sensitive personal information, usually electronically via email. While phishing schemes are not new, con artists continue to invent new ways to trick consumers into handing over sensitive information.
In a typical phishing scheme, consumers receive an email purportedly from their email service provider or a financial service provider, such as a bank or credit card company, or even a government agency. The email tells the consumer that there is a problem with his or her account. The supposed problem can range from an unauthorized use of the account, to repeated attempts to change passwords or a notification that the account activity is being audited. Regardless of the reason given, the consumer is instructed to verify that she is the account owner by responding with identifying information such as name, address, date of birth, email username and password, bank account number, PIN number or Social Security number.
- No legitimate company will ever send you an unsolicited email asking for your personal information.
- If you get an email or pop-up message that asks for personal or financial information, do not reply. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct web address yourself.
- Contact your email service provider or financial service provider directly using the customer service number on your account statement or the number given on the provider’s website to verify that the information in the original email was, or was not, legitimate.
- Do not give sensitive information in response to an unsolicited request for it.
- Immediately delete all suspicious emails, and never open email attachments or click on links from unknown sources.
- Use anti-virus and anti-spyware software, as well as a firewall, and update them regularly.
- Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.
As more people rely on email, marketers are increasingly using email messages to pitch their products and services. Some consumers find unsolicited commercial email – also known as spam – annoying and time consuming. But, it can be dangerous, too. Some consumers have lost money due to bogus offers that arrived by email.
- Check with your email provider or Internet service provider to see if they offer tools that filter spam or channel spam to a junk email folder.
- Try not to display your email address in public. This includes social networks, newsgroup postings, chat rooms and websites.
- Some websites allow you to opt out of receiving promotional emails, offers and solicitations from them or their “partners.” Be watchful for opt-out checkboxes before you submit your information.
- Consider using two email addresses – one for personal and financial messages and another for social networking, newsgroups or chat rooms.
- Use a unique email address. Spammers use dictionary attacks to sort through possible name combinations at large Internet service providers or email services, hoping to find a valid address. Common names, such as “bobsmith,” may get more spam than a unique name.
If you receive spam in your email inbox, you can report it to the Federal Trade Commission (FTC). You can send a copy of the unwanted email to firstname.lastname@example.org. The FTC uses these unsolicited emails to pursue law enforcement actions against spammers. You may also consider contacting your Internet service provider so they can take steps in the future to reduce spam abuse on their system.