Email 101
Online Phishing Scams – Tips to Avoid the Hook
by Kelly L. Potter
December 3, 2006
So you open your email inbox and the message states: "We suspect an unauthorized transaction on your credit card account. To ensure that your account is not compromised, please click the link below and confirm your identity." The graphics and company logo appear just as they do on your credit card company’s website. The email message follows the same format as the company announcements, newsletters, and updates you received in the past via email.
In all likelihood, the message was not from your credit card company, but instead was a scam. A person probably copied the graphics from the company’s website and formatted the email message to appear like typical company emails. What would have happened if you had clicked on the link within the email message and entered personal information? Your information would have been sold—along with many other people’s information—to be used in identity theft scams.
Exploiting the Internet to scam people into revealing their personal or credit card information by pretending to be a company they do business with is called phishing. Phishers scam people by "fishing" for personal and financial information from unsuspecting customers and use the information for monetary gain.
Phishing is a lucrative business. According to a study by the Better Business Bureau and Javelin Strategy & Research, 8.9 million people were the victims of online fraud or identity theft last year. The average consumer suffered a loss of $6,383.
What can you do to avoid getting “hooked” by a phishing scam?
- Don’t reply to emails asking for personal or financial information. Legitimate companies you are already doing business with do not ask for personal or financial information via email.
- Never click links within emails that ask for personal or financial information. Hackers can retrieve information from your computer in various ways, including accessing stored information and monitoring keystrokes.
- Avoid cutting and pasting links from an email message into a new browser window. Many people think this will help them determine if a website is legitimate; however, phishers can make links appear as if they go to a legitimate site while sending you to another website that they control.
- Never call company phone numbers listed in an email. A common scam asks you to call the phone number listed in the email to update your account information. Sophisticated technology can mask an area code and divert the call to anywhere. If you need to reach a company, call the number printed on your financial statements, credit card, or the company's website.
- Don’t email personal or financial information, and always keep account passwords private.
- Use antivirus and anti-spyware software, a firewall, and spam filters. Update these regularly!
- Be wary of emails that seem urgent. Phishing emails often state that immediate action is required to tempt you to respond without thinking.
- Pay close attention to the web address if you choose to access a company’s website through an email link. Some phishers register domain names that look similar to the legitimate domain name of a company. If there is any doubt, open a new browser window and type the web address yourself.
How can you tell if you’ve been scammed?
No matter how diligent you are, phishing scams are deceptive, and it is easy to be tricked into revealing your private information. Be sure to remain alert and to read your credit card and bank statements as soon as they arrive.
If you are a U.S. citizen, check your credit report regularly to look for any new accounts or suspicious activity. The Fair and Accurate Credit Transactions Act entitles you to a free report from each of the three nationwide consumer credit reporting companies once every 12 months. Go to www.annualcreditreport.com for information on how to order a free annual credit report.
What do you do if you think you've been scammed?
Forward deceptive emails to spam@uce.gov. The Federal Trade Commission uses these to pursue legal actions against people who operate scams within the United States.
You can also forward the email to the appropriate email address of the company that is represented. Most companies have sections on their websites to deal with fraud, spam, and identity theft.
If you are a U.S. victim of online phishing, visit the FTC’s Identity Theft website to review the steps you need to take if you are a victim of fraud.
Be smart about the emails and offers you receive, and think logically to minimize your risk of getting hooked. If you are proactive and review your credit report and financial statements regularly, you may be able to catch fraud early before any significant damage occurs. And if you’re on the lookout for deceptive and fraudulent emails, you will learn how to spot the sharks in these online phishing scams!