Protect Yourself from Phishing E-Mails
STOP, LOOK AND VERIFY any e-mail you receive that appears to be from your bank, credit card issuer, online payment service, internet service provider or any vendor over the Internet, even if it looks legitimate.
Stop, Look and Verify. A few minutes of time can avoid a host of problems later.
STOP: Does it seem urgent? Do not reply or click any link. No matter how urgent, look carefully and verify.
LOOK: Does it request username, password, account, credit card, social security or other personal information by e-mail, website link or pop-up? Legitimate banks and financial institutions have their customers’ account information and do not need it again.
VERIFY: Call or e-mail (only if you have an accurate e-mail address you know is correct) the company directly to verify whether the e-mail and website are really from the company. Do not use links in an e-mail to get to any web page if you question the website. Bank, credit card and other financial institution customers can call telephone numbers on statements. You can also type in their website to access the home page for contact information.
Additional Source: Department of Justice: Special Report on Phishing, March 2004
Responsible Companies Do Not Request Sensitive Information by E-mail! This is the rule! Look at the websites of the companies you do business with on the Internet and find their security policies, and any e-mail or Internet fraud alerts. A web page may already be set up to assist you so you know where to turn if you receive a questionable e-mail.
Phishing e-mails are typically not personalized, while valid messages from your bank or financial institutions typically reference you by name.
Regularly log onto online accounts.
Regularly check all bank, credit and debit card statements to ensure all transactions are legitimate. Contact your financial institution immediately if anything is suspicious.
Communicate only through a secure connection. Avoid filling out forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website or telephone (other than a cell, cellular or wireless telephone as certain telephone communications can be intercepted).
Ensure that you are using a secure website (https:// and gold padlock) when submitting credit card information or other sensitive information. To make sure you are using a secure server, look for the “s” and check the beginning of the web address in your browser’s address bar: it should be https:// rather than just http://. Also, look for the gold padlock on the Internet browser’s bar. Be aware, however, that this can now be forged. Although there is no guarantee of the website’s legitimacy or security if the “s” and the “gold padlock” are present, the absence of these indicates that the website is definitely not secure.
Ensure your browser is up to date with security patches. Consider reviewing security patches available. For example, people with the Microsoft Internet Explorer browser may go to the Microsoft Security home page (http://www.microsoft.com/security/) to review and download a special patch relating to certain phishing schemes.
Consider installing a Web browser toolbar to help protect you from known phishing fraud websites. Some sources have recommended EarthLink ScamBlocker, which is part of a free browser toolbar that alerts you before you visit a page that's on EarthLink's list of known fraudulent phisher Web sites.
It's free to all Internet users - download at http://www.earthlink.net/earthlinktoolbar
Report "phishing" e-mails to the following groups:
File a Complaint with the Attorney General
File a complaint with the Internet Crime Complaint Center at ic3.gov
Forward the email to reportphishing@antiphishing.com
Forward the email to the Federal Trade Commission at uce@ftc.gov
Forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com")
When forwarding spoofed messages, always include the entire original email with its original header information intact.
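One way to keep the original header information intact when reporting is to attach the saved message as a message/rfc822 part rather than pasting its text. The sketch below is an added example, not part of the original advisory; it uses only the Python standard library, and the sample message, addresses and function names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample message (not a real e-mail); addresses are placeholders.
RAW_SUSPECT = (
    b"Return-Path: <bounce@mailer.example.net>\r\n"
    b"Received: from mailer.example.net (mailer.example.net [192.0.2.10])\r\n"
    b"\tby mx.example.org; Mon, 01 Mar 2004 10:00:00 -0500\r\n"
    b'From: "Your Bank" <security@bank.example.com>\r\n'
    b"To: customer@example.org\r\n"
    b"Subject: Urgent: verify your account\r\n"
    b"Message-ID: <constructed-0001@mailer.example.net>\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n"
    b"\r\n"
    b"Click the link below to confirm your password.\r\n"
)


def build_report(raw_original: bytes, reporter: str, report_to: str) -> bytes:
    """Wrap the original message, unmodified, as a message/rfc822 attachment."""
    original = message_from_bytes(raw_original, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = report_to
    report["Subject"] = "Phishing report: " + str(original["Subject"])
    report.set_content("Suspected phishing e-mail attached with full headers.")
    report.add_attachment(original)  # a Message object becomes message/rfc822
    return report.as_bytes()


def attached_original(report_bytes: bytes):
    """Return the embedded original message from a report, or None."""
    report = message_from_bytes(report_bytes, policy=policy.default)
    for part in report.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
    return None


def lost_headers(raw_original: bytes, report_bytes: bytes) -> list:
    """List header names from the original that the report no longer carries."""
    original = message_from_bytes(raw_original, policy=policy.default)
    inner = attached_original(report_bytes)
    kept = set(inner.keys()) if inner is not None else set()
    return [name for name in original.keys() if name not in kept]
```

An empty list from `lost_headers` means the Received and Return-Path lines that investigators rely on reached the recipient; a forward that copies only the body text returns every original header name.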