The word "Phishing" is used to describe a type of identity theft by which scammers use fake Web sites and e-mails to fish for valuable personal information from consumers. The FBI also is calling it the "hottest and most troubling new scam on the Internet." Even the FDIC's good name was used fraudulently in a phishing scheme. Don't Take the Bait.
In the typical phishing scam, you receive an e-mail supposedly from a company or financial institution you may do business with or from a government agency. The e-mail describes a reason you must "verify" or "re-submit" confidential information such as bank account and credit card numbers, Social Security numbers, passwords and personal identification numbers (PINs) using a return e-mail, a form on a linked Web site, or a pop-up message with the name and even the logo of the company or government agency.
Perhaps you're told that your bank account information has been lost or stolen or that limits may be imposed on your account unless you provide additional details. If you comply, the thieves hiding behind the seemingly legitimate Web site or e-mail can use the information to make unauthorized withdrawals from your bank account, pay for online purchases using your credit card, or even sell your personal information to other thieves.
"These thieves are very good at convincing you that you are receiving a legitimate message or using a Web site from a trusted source," says Michael Benardo, a manager in the FDIC's Technology Supervision Branch.
While federal and state laws and industry practices generally limit dollar losses for unauthorized transfers from accounts, if an ID thief uses your name to commit fraud you are likely to spend sometimes hundreds or thousands of dollars correcting your credit files or otherwise defending yourself. Therefore, it's very important to be on guard against phishing scams and other types of Internet fraud.
Never provide your personal information in response to an unsolicited call, fax, letter, e-mail or Internet advertisement. "If you did not initiate the communication, do not give this information, regardless of how legitimate or genuine these people or entities may appear to be," says William Henley, Jr., an FDIC electronic banking specialist.
If you decide to initiate a transaction with a bank or other entity on the Web, take some simple precautions. Don't provide personal information to a Web site using a link from an e-mail or an Internet advertisement, no matter how legitimate it may appear. "Clicking on a link in an e-mail or an Internet ad is very risky," says Donald Saxinger, another FDIC electronic banking specialist. "You're always safer typing in the URL (Web address) from scratch, assuming you type it in correctly."
The problem with typing a URL incorrectly or guessing about a Web address is that some fraudulent, copycat sites deliberately use URLs that are very similar to, but not the same as, those for well-known companies or government agencies. When contacting your bank, for example, use the phone number or Web address listed on your monthly statements or other literature from the institution.
Quickly report anything suspicious to the proper authorities. Report any questionable e-mail message or Web site to the real bank, company or government agency, using a phone number or e-mail address from a reliable source. Example: If your bank's Web page looks different or unusual, contact the institution directly to confirm that you haven't landed on a copycat Web site set up by criminals.
"Customer inquiries about changes to a Web site are one of the most prevalent ways that banks and other organizations are finding out about unauthorized sites containing the look and feel of a legitimate Web site," says Paul Onischuk, also an FDIC electronic banking specialist. And if you're pretty sure an e-mail or Web site is fraudulent, contact the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center.
What if you believe you're already a victim of ID theft, perhaps because you submitted personal information in response to a suspicious, unsolicited e-mail or you spotted unauthorized charges on your credit card? Immediately contact your financial institution and, if necessary, close existing accounts and open new ones.
Also contact the police and request a copy of any police report or case number for later reference. In addition, call the three major credit bureaus (Equifax at 800-525-6285, Experian at 888-397-3742 and TransUnion at 800-680-7289) to request that a fraud alert be placed on your credit report.
Quite often a consumer receives an e-mail which appears to originate from a financial institution, government agency, or other well-known reputable entity. The message describes an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message. The provided link appears to be the Web site of the financial institution, government agency or other well-known reputable entity, but in "phishing" scams, the Web site belongs to the fraudster scammer.
Once inside the fraudulent Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth. When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity.
Since January 23, 2004, criminals have been using the FDIC's name and reputation to perpetrate various phishing schemes. It is important to note that the FDIC will never ask for personal or confidential information in this manner. See the FDIC Privacy Policy for further information.
If you suspect an e-mail or Web site is fraudulent, please report this information to the real bank, company or government agency, using a phone number or e-mail address from a reliable source. Example: If your bank's Web page looks different or unusual, contact the institution directly to confirm that you haven't landed on a copycat Web site set up by criminals, you can contact the Internet Crime Complaint Center a partnership between the FBI and the National White Collar Crime Center.
If you suspect that you have been a victim of identity theft, perhaps because you submitted personal information in response to a suspicious, unsolicited e-mail or you see unauthorized charges on your credit card, immediately contact your financial institution and, if necessary, close existing accounts and open new ones.
Also contact the police and request a copy of any police report or case number for later reference. In addition, call the three major credit bureaus (Equifax at 800-525-6285, Experian at 888-397-3742 and TransUnion at 800-680-7289) to request that a fraud alert be placed on your credit report.
