Phishing—Don't take that bait!

What is phishing? These are scams that are trying to steal personal and financial information. Phishing has primarily been online in the form of email or pop-up messages but can also occur over the phone or through the mail.

Phishers impersonate legitimate financial institutions—banks, credit unions—and businesses. The phishers cast a wide net that's bound to find persons that do business with the impersonated financial institution or company.

Email and pop-up messages may have a link to click or a phone number to call. In the case of the link, it usually goes to a fake website that mimics a legitimate site.

Want to see how savvy you are about these scams? Take The SonicWALL Phishing and Spam IQ Quiz How well did you do? It's not easy to distinguish between a real and a fake message is it?

Here are some tips to avoid being hooked by a phishing scam:

• Reputable companies and financial institutions, like your credit union and bank, NEVER, EVER send emails, make phone calls or send letters asking for personal information and account number information they already have on file. Always be suspicious of any request for information that comes from an unsolicited email or phone call. When you initiate the contact (online or by phone) with your bank or a reputable business, you may provide information to purchase merchandise or handle your account.
• If you want to make sure this is a scam or if you think the email, phone call or letter might be genuine, simply call your financial institution, using the number on your statement or that you looked up in the phone book, and ask if they sent the email, letter, or made the phone call.
• Never include account numbers and passwords in an email message.
• Never call the phone number in an email message, or left on your answering machine. Use the phone number listed on a recent statement.
• Report the scam to the company, using the customer service number or website address from a recent statement. You can send the actual spam to the FTC at spam@uce.gov.
• NEVER click on links in these sorts of emails, even if it looks legitimate. The link takes you right to the scammers not the real company.
• Never enter personal or financial information in a pop-up window. Some forms of phishing use a pop-up window on a legitimate site.
• Protect your computers by using a firewall, anti-virus and anti-spyware software and spam filters.

Here are several RealityCheck resources to help you learn more about protecting yourself and your personal financial information.

• This Scam Will Hit You This Week! But You Don't Have to Be "Phished"
• Opting Out for Peace and Security
• Enhancing Your Online Privacy and Protecting Your Personal Information
• Going Wireless? Protect Your Personal Information
• Managing Your Personal Finances on the Internet
• Keeping Your Computer Secure and Your Personal Information Safe
• Are You At Risk of Identity Theft
• Using Social Networking Sites Wisely—It's a Matter of Safty and Privacy for You and Your Children
• Don't Fall for Scams Related to the Credit Crisis

Additional Resources

How Not to Get Hooked by a 'Phishing' Scam from the FTC

Fake Credit Report Sites: Cashing in on Your Personal Information from the FTC

Internet Crime Complaint Center is a partnership between the FBI and National White Collar Crime Center. If you think you've been scammed, you can report it here.

OnGuard Online — Phishing provides some quick facts and links to other resources.

 

September 2005. Reviewed and updated October 2008.

RealityCheck Tip

The RealityCheck Privacy Rights section links to sites provided by a variety of sources. Even though we review sites for credibility and reliability, RealityCheck, of course, can't control advertising and other links on these sites. We advise ignoring pop-up ads, links to sales of products and service, and the like.