Phishing is the illegal act of an unknown entity posing as a company, such as a bank or credit card company, in order to collect personal information. The information that phishers try to collect include account numbers and passwords. Phishing mostly occurs via email but can also occur via instant messaging and fax.
When a person receives a phishing email, at first glance it looks like a legitimate email. It usually contains the companies’ logo, web address, copyright information and looks professional. At closer inspection there are signs that the email is not legit, such as misspelled words, incorrect domain name and no personalization.
There are several steps that can be taken to protect your personal information from phishing schemes.
• Most legitimate emails are usually personalized. The email will start with Mr. Last Name, while phishing emails usually start with something like Dear Valued Member.
• The phishers usually use a domain name that appears to be from the legitimate company but usually with a slight variation. For example, instead of the email coming from www.citibank.com the email would come from info.citibank.com.
• If you are not sure if the email is legitimate or a phishing email do not click any links in the email. Instead, go to the companies’ site by typing their known web address in a browser. If it is a legitimate request, then change your information using this method.
• Banks and credit card companies do not request account numbers, account names or passwords via email. If an email requests this information it is a phishing email.
• Legitimate companies want you to report a phishing attempt. Go to their web site and search for mail fraud or phishing. They will provide an email address where the phishing attempt should be sent.
• If you are not sure if the email is legit and you are concerned that you need to change something in your account, then contact the company directly and change your account information.
• When the email has a phone number to call to verify your information, don’t use that number. Instead use a number from a bank or credit card statement so you know it is the companies’ official number.
• Never provide your username or password to anyone via instant messaging. Some phishing is performed via instant messaging, where the phisher pretends to be from customer support, and claims they need your password to make account changes.