Protecting Your Personal Financial Information
Due to the severe ramifications of phishing, this section provides information to safeguard you against falling prey to this scam and how to protect yourself from becoming a victim.
How it happens
A typical phishing attack happens when you receive an e-mail that purports to be from your financial institution. It will probably warn you of a serious problem that requires your immediate attention. It may use phrases, such as “Immediate attention required,” or “Please contact us immediately about your account.”
This email will include a compelling message encouraging you to click on a button or a link to go the financial institution’s Web site. This will lead you to a phony web site that may look exactly like the real thing. Sometimes, it may be the company’s actual Website. In these cases, a pop-up window will quickly appear for the purpose of harvesting your financial information.
In either case, you may be asked to update your account information or to provide information for verification purposes: your Social Security number, your account number, your password or your login ID. With this information, the fraudsters can then log in as you and conduct spurious transactions.
How to Protect Yourself
- Guard your information. The Federal Trade Commission’s No. 1 tip for avoiding this rip-off is to never provide your personal information in response to an unsolicited request whether it is over the phone or over the Internet. E-mails and Internet pages created by phishers may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure site. A financial institution would never ask you to verify your account information online. Also, never use a public computer or wireless “hot spot” for financial transactions.
- Double-check the source. If you believe the contact may be legitimate, contact the financial institution yourself. You can find phone numbers and Web sites on the monthly statements you receive from your financial institution, or you can look the company up in a phone book or on the Internet. The key is that you should be the one to initiate contact, using contact information that you have verified yourself. You can also go to the financial institution’s website by typing in the site address directly or using a page you have previously book marked instead of a link provided in the e-mail.
- Create strong passwords. Don’t use the same user ID and passwords at different financial institutions. If you’re asked to create a security question and answer, don’t use one that’s relatively easy to discover, such as your mother’s maiden name.
- Review. Review account statements regularly to ensure all charges are correct. Don’t assume that odd $40 electronic transfer or check is a payment you just forgot about; it could be a scammer probing to see if the fraud will go unnoticed. With bill payment systems, review your payment history as well as your payee list to make sure there aren’t any unauthorized transactions. The sooner you report the theft the better; after 60 days, the bank may be under no legal obligation to provide a refund.
- Computer security. Keep your computer's operating system up to date and download security patches. These free software patches for your operating system closes holes that phishers could exploit. Beware of e-mail attachments. Don't open them or download any files, regardless of who sent them. Block pop-ups on your computer. Besides being incredibly annoying, pop-ups can be used to install hackers’ software on your computer. Many Internet service providers now have pop-up blocking software built in, or you can get blocking software from sites such as Panicware.com.
- Use anti-virus software and keep it up to date. Anti-virus software and a firewall can protect you from inadvertently accepting unwanted key-logger files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.
What to do if you think you have divulged personal information
If you think you’ve been scammed, you can file a complaint with the FTC and the Internet Fraud Complaint Center. But the most important thing is to notify your financial institution or credit card issuer of the account that has been compromised. You’ll probably want to close the account and open a new one.
Report the attacks by forwarding the phishing e-mail to the following addresses: spam@uce.gov, reportphishing@antiphishing.org and to the "abuse" e-mail address at the company that is being spoofed (e.g. "spoof@ebay.com").
If you’ve given away your Social Security number, you should also notify the big three credit reporting agencies -- Experian, Equifax and TransUnion -- so that a fraud alert can be placed on your file. That way, if anyone applies for new accounts with your Social Security number, you will be notified immediately. You should also start regularly monitoring your credit reports, if you don’t already.
