Spot a Phishing Scam
Phishing involves the use of e-mail messages that appear to come from your bank or another trusted business in an attempt to scam you into surrendering private information that will be used for identity theft. The phishing e-mail will typically ask you to click a link to visit a Web site, where you are asked to update personal information, such as passwords and credit card, social security, and bank account numbers.
How to spot a phishing scam
Scammers have become increasingly sophisticated in creating fraudulent emails and Web sites that look authentic. These emails and Web sites often appear to be from legitimate companies and include images and logos of these organizations. Following are signs that indicate the email may not be legitimate.
A. Sender’s Email Address
Spoof email may include a forged email address in the “From” line. Some may actually be real email addresses that have been forged.
B. Email Greeting
Many Spoof emails will begin with a general greeting such as “Dear Washington Mutual customer”.
Claims that your account may have been accessed by an unauthorized third party.
D. Account Status Threat
Most Spoof emails try to deceive you with the threat that your account is in jeopardy and if you fail to update, verify or confirm your personal or account information, access to your accounts will be suspended.
E. Links in an Email
While many emails have links included, and ask you to restore your account access, just remember that these links can be forged too.
F. Requests Personal Information
Requests that you enter sensitive personal information such as a User ID, password or bank account number by clicking on a link or completing a form within the email are a clear indicator of a Spoof email.
How to spot a fake Website
Often, the link in the email will not match up with the URL of the site it takes you to.
G. Legitimate Web Addresses
Legitimate Web sites maintain current certificates for secure pages. To authenticate the site’s secure Web page, follow these steps:
- Look for the padlock in the lower right (Internet Explorer) or left (Netscape) corner of your browser window.
- Look in the address window above. The letters https:// should appear in front of the address of the form screen (instead of the non-secure http:// address).
- On the secure Web page, click on the File menu and go to Properties.
- Click on the button at the bottom of the screen called ‘Certificates’. It should include the Web address (URL) for which the security certificate was issued and the validity dates.
Protecting your account
These protection practices can be applied to your bank account, your ISP account and virtually any other online account you hold.
Here are some tips on how to protect your account and what to do if you think you may have responded to a Spoof email:
- Be suspicious of demanding messages. Messages threatening to terminate or suspend your account without your quick response should be treated as suspicious.
- Be cautious of downloads. Installing unknown software on your computer can put your personal information at risk and potentially harm your computer’s hard drive.
- Scan for Viruses Frequently. Scan your computer for viruses and make sure your virus software, operating system, and browser patches are up to date.
- Vigilance Is the Best Line of Defense. You should periodically check your account status to see if there is any suspicious activity.
- Change Your Password Frequently. If you think your account security may have been breached, change your account password immediately.
- Make Your Password Unique. To prevent someone from accessing multiple accounts, it is effective to have different passwords for each account. Also, a good password will include a combination of letters and numbers – this makes it more difficult for people to guess the password.
- Contact Your Bank and Credit Card Company. If you think you entered your personal financial information into a spoof site, contact your bank and credit card company immediately.