Phishing E-mail

Watch out for “phishy” emails. The most common form of phishing is emails
pretending to be from a legitimate retailer, bank, organization, or government
agency. The sender asks to “confirm” your personal information for some made-up
reason: your account is about to be closed, an order for something has been
placed in your name, or your information has been lost because of a computer
problem. Another tactic phishers use is to say they’re from the fraud
departments of well-known companies and ask to verify your information because
they suspect you may be a victim of identity theft! In one case, a phisher
claimed to be from a state lottery commission and requested people’s banking
information to deposit their “winnings” in their accounts.

Don’t click on links within emails that ask for your personal information.
Fraudsters use these links to lure people to phony Web sites that look just like
the real sites of the company, organization, or agency they’re impersonating. If
you follow the instructions and enter your personal information on the Web site,
you’ll deliver it directly into the hands of identity thieves. To check whether
the message is really from the company or agency, call it directly or go to its
Web site (use a search engine to find it).

Beware of “pharming.” In this latest version of online ID theft, a virus or
malicious program is secretly planted in your computer and hijacks your Web
browser. When you type in the address of a legitimate Web site, you’re taken to
a fake copy of the site without realizing it. Any personal information you
provide at the phony site, such as your password or account number, can be
stolen and fraudulently used.

Never enter your personal information in a pop-up screen. Sometimes a phisher
will direct you to a real company’s, organization’s, or agency’s Web site, but
then an unauthorized pop-up screen created by the scammer will appear, with
blanks in which to provide your personal information. If you fill it in, your
information will go to the phisher. Legitimate companies, agencies and
organizations don’t ask for personal information via pop-up screens. Install
pop-up blocking software to help prevent this type of phishing attack.    

Protect your computer with spam filters, anti-virus and anti-spyware
software, and a firewall, and keep them up to date. A spam filter can help
reduce the number of phishing emails you get. Anti-virus software, which scans
incoming messages for troublesome files, and anti-spyware software, which looks
for programs that have been installed on your computer and track your online
activities without your knowledge, can protect you against pharming and other
techniques that phishers use. Firewalls prevent hackers and  unauthorized
communications from entering your computer – which is especially important if
you have a broadband connection because your computer is open to the Internet
whenever it’s turned on. Look for programs that offer automatic updates and take
advantage of free patches that manufacturers offer to fix newly discovered
problems. Go to and to
learn more about how to keep your computer secure.

Only open email attachments if you’re expecting them and know what they
contain. Even if the messages look like they came from people you know, they
could be from scammers and contain programs that will steal your personal

Know that phishing can also happen by phone. You may get a call from someone
pretending to be from a company or government agency, making the same kinds of
false claims and asking for your personal information.

If someone contacts you and says you’ve been a victim of fraud, verify the
person’s identity before you provide any personal information. Legitimate credit
card issuers and other companies may contact you if there is an unusual pattern
indicating that someone else might be using one of your accounts. But usually
they only ask if you made particular transactions; they don’t request your
account number or other personal information. Law enforcement agencies might
also contact you if you’ve been the victim of fraud. To be on the safe side, ask
for the person’s name, the name of the agency or company, the telephone number,
and the address. Get the main number from the phone book, the Internet, or
directory assistance, then call to find out if the person is legitimate.

Job seekers should also be careful. Some phishers target people who list
themselves on job search sites. Pretending to be potential employers, they ask
for your social security number and other personal information. Follow the
advice above and verify the person’s identity before providing any personal

Be suspicious if someone contacts you unexpectedly and asks for your personal
information. It’s hard to tell whether something is legitimate by looking at an
email or a Web site, or talking to someone on the phone. But if you’re contacted
out of the blue and asked for your personal information, it’s a warning sign
that something is “phishy.” Legitimate companies and agencies don’t operate that

Act immediately if you’ve been hooked by a phisher. If you provided account
numbers, PINS, or passwords to a phisher, notify the companies with whom you
have the accounts right away. For information about how to put a “fraud alert”
on your files at the credit reporting bureaus and other advice for ID theft
victims, contact the Federal Trade Commission’s ID Theft Clearinghouse, or 877-438-4338, TDD 202-326-2502.

Report phishing, whether you’re a victim or not. Tell the company or agency
that the phisher was impersonating. You can also report the problem to law
enforcement agencies through NCL's Fraud Center, The information you provide helps to stop
identity theft.