Phishing Email Scams - What They Are and How to Avoid Them

Phishing scams have been rapidly growing on the Internet for years. It is a means of online identity theft and fraud. Phishing emails typically look authentic and claim to be from a trustworthy company, usually a banking institution, credit card company, or other financial organization. Some phishing scams seek to steal personal information and financial data. Others can infect computers with viruses and try to convince people to participate unknowingly in scams, such as money laundering. Some well known companies that have been targeted by phishing email scams include eBay, Wells Fargo, Citibank, PayPal, Amazon and Bank of America.

Phishing scams tend to be pretty organized and well thought out. Phishers decide which businesses to target and then figure out how to get email addresses for customers of that business. They tend to mimic spammers in that they apply similar mass mailing and address collection techniques. The phishers use the seemingly authentic email messages to convince people to give up their personal information, many times by providing links to Web pages requesting this information. Then they use the information they’ve gathered to make illegal purchases, steal money from an account, open new accounts in your name, etc - committing fraud and/or identity theft.

There are several things you can do to protect yourself from phishing email scams. For starters, you should have adequate email protection and... make use of some good ole common sense. Here are a few other tips on how to spot phishing emails.

• Don’t trust the “From” address of an email as it can be easily faked.
• Be suspicious of emails that include upsetting, exciting, or are urgent requests attempting to get you to react immediately.
• Don’t blindly trust clickable links in an email as it can be a phony site to steal your personal information. If in doubt, go directly to the company’s website by manually typing the address versus clicking on the link in the email.
• Never send any personal information, such as social security numbers, online banking passwords, or credit card numbers to anyone via email.
• Only enter your online banking password on a website in which you have manually entered into the browser’s web address (URL) field.
• Watch out for misspelled words and incorrect company names. Sometimes an email contains spelling mistakes or misuses a company name. This can be a sign of a phony email and phishing scam.
• Regularly check your banking, credit card, and other financial statements to make sure all transactions are legitimate.
• Make sure your browser is up to date with the latest security patches installed.
• Check a site’s security certificate before you enter personal information into a website.

Furthermore, report phishing emails scams to the groups listed below. You can go directly to these web sites or forward the email scams to the email addresses provided.

• Federal Trade Commission – website: www.ftc.gov -- email: spam@ics.gov
• Anti-Phishing Working Group (APWG) – website: www.antiphishing.org -- email: reportphishing@antiphishing.org
• The Internet Crime Complaint Center of the FBI – website: www.ic3.gov
• Find the “abuse” email address at the company that is being targeted and forward the entire email, including header information to the address.

If you think you might have responded to a phishing scam, there are a few steps you can take to minimize the damage.

• Immediately change your passwords or PINs on all of the online accounts that might have been compromised.  If you are not sure, change them all (it's probably time)
• Contact the bank or online business directly concerning any fraudulent activity on your account.
• If an account has been opened without your permission, close it immediately.
• Place a fraud alert on your credit reports.
• Examine your bank and credit card statements routinely for possible charges that you did not initiate.

Phishing is simply a high-tech scam that works like old-fashioned con jobs, where a hustler convinces a mark that he is reliable and trustworthy. Bottom line: If you receive an email that you think might be a phishing scan, delete it. Don’t click on any links in the message.