Don't take the bait when you receive a 'phishing' e-mail

These messages may look legit, but clicking on them can cost you

By Karin Price Mueller

Opening Credits

Karin Price Mueller is an award-winning writer with a specialty in personal finance. Ask a question. 'Opening Credits' stories

Dear Opening Credits,
I got an e-mail the other day that appeared to be from my credit card company, and it said that they needed some information from me to update my account. My Social Security number was one of the things they asked for. I haven't had my card very long, and it seemed weird to me. Shouldn't they already have that? Is something funny going on? -- Confused

Dear Confused,
Yes, there is something funny going on, and this is no laughing matter. Don't reply to that e-mail!

The e-mail you received sounds like classic phishing. It's a scam.

Swindlers send out e-mails to unsuspecting consumers, trying to lure them into providing personal data that could be used to steal their identities or to make unauthorized transactions on their accounts. These con artists are fishing -- that's where the name "phishing" comes from -- for your personal information.

For example, say you bank with Bank ABC. You receive an e-mail with the Bank ABC logo on it, saying something like:

• "We are increasing security to the Bank ABC banking Web site. In order to access your information and to prevent any disruption to your account, you need to update your information. Click here to confirm your information."
• "As part of Bank ABC's efforts to regularly verify accounts, we encountered a problem with your account. Please click here to verify your information."
• "There may be an unauthorized transaction on your account. Click on this link to verify your identity."

When you click the link in that e-mail, you are brought to a site that looks remarkably like the bank's regular site, but in truth, it's a fraud.

These guys are smart. They know thousands and thousands of people do business with big-name financial companies. If they send out enough e-mails, they're sure to hit someone who has an account with the company the fraudsters are impersonating.

You're right -- your credit card issuer should have your Social Security number and all your other personal information on file, and you'd never be asked by a legitimate company to update your information via an e-mail link. Companies that do business online know there are hucksters out there trying to steal information from consumers, and they want to protect their customers. To that effect, if there's a true problem with your account, companies will generally tell you to call them or visit their corporate site directly. They may also try to contact you by snail mail.

Whenever you receive a communication like this one, protect yourself. Start by never clicking on the link in the e-mail. Then, open a fresh browser and type in the address for the authentic company's Web site. Log in the way you normally do, and you should be able to see if the company needs something from you. (They may place a "notice" at the top of your account page or something like that.) Or simply call them using the phone number on your credit card or monthly statement.

The Federal Trade Commission (FTC) offers other identity theft protection tips for consumers:

• Do not respond: If the e-mail you receive has a Web site address or a phone number, don't respond using that contact information. Check your statement for the correct contact information and reach your company that way.
• Update your computer security: Use and regularly update your anti-virus, anti-spyware and firewall software.
• Never e-mail personal or financial information: Because there's a risk your information can get in the wrong hands, never send this kind of information in an e-mail. If you've initiated the transaction with a company you trust, the FTC says you should look for indicators that the site is secure, such as a URL for a Web site that begins with "https:" (The "s" stands for "secure"). Never give out account numbers, credit card numbers or other information via e-mail.
• Read your statements: Check your account statements regularly to make sure there's no unauthorized activity on your account.
• Check your credit reports: Check your credit reports regularly to make sure there's no suspicious activity with any of your accounts.
• Do your part: If you've received a phishing e-mail, forward it to the company that's being impersonated. Most companies have security divisions that investigate fraudulent e-mails, and you can find the e-mail address to which you can report problems on the company's Web site. You can also file a complaint with the FTC at the FTC's Identity Theft Web site.

So, Confused, I'm really glad you asked this question. Forward that e-mail to your credit card company's fraud division, and let's hope they can track down the con artists. Maybe someday, if we're all vigilant about sharing information, the joke will be on them.

See related: What phishing is and how to prevent it, New rules force merchants to help fight ID theft, Take these steps to protect yourself from identity theft, ID theft sample letters

Karin's money makeover column "Get With The Plan" can be seen every Sunday in "The Star-Ledger" and "The Trenton Times." She also hosts and writes "Money 911," a multimedia series for MSN Money. Before writing became her main focus, Mueller was the executive producer of CNBC's The Money Club, where she led the team that won the network's first ever Cable ACE Award for Business and Consumer Programming. Mueller lives in New Jersey with her husband, three kids, one guinea pig and one leopard gecko. Whatever they don't eat goes into her retirement savings accounts. A comprehensive archive of her writings is available on her Web site, www.KarinPriceMueller.com.

Send your question to Karin.

Published: January 28, 2009

	Three most recent Opening Credits stories: 3 easy steps to simplify your financial life – Sick of living in financial chaos? Get it all under control without outside help. Here are three steps to get you on your way ... 3 ways to rebuild your credit after wage garnishment – Consistent, timely student loan payments made via wage garnishment don't reflect positively on a credit report. But there are a few steps you can take to improve your standing ... Clear a minor of responsibility for card debt in 5 steps – A worried grandparent wants to know how she can make sure that her grandson isn't held liable for debt on a credit card that his mother got in his name ...

	CreditCards.com's newsletter Did you like this story? Then sign up for CreditCards.com’s weekly e-newsletter for the latest news, advice, articles and tips. It's FREE. Once a week you will receive the top credit card industry news in your inbox. Sign up now!