ADVERTISEMENT

Don't take the bait when you receive a 'phishing' e-mail

These messages may look legit, but clicking on them can cost you

By Karen Price Mueller

Opening Credits
Columnist Karin Price Mueller
Karin Price Mueller is an award-winning writer with a specialty in personal finance.

Ask a question.

'Opening Credits' stories

Question for the CreditCards.com expert

Dear Opening Credits,
I got an e-mail the other day that appeared to be from my credit card company, and it said that they needed some information from me to update my account. My Social Security number was one of the things they asked for. I haven't had my card very long, and it seemed weird to me. Shouldn't they already have that? Is something funny going on? -- Confused

Answer for the CreditCards.com expert

Dear Confused,
Yes, there is something funny going on, and this is no laughing matter. Don't reply to that e-mail!

The e-mail you received sounds like classic phishing. It's a scam.

Swindlers send out e-mails to unsuspecting consumers, trying to lure them into providing personal data that could be used to steal their identities or to make unauthorized transactions on their accounts. These con artists are fishing -- that's where the name "phishing" comes from -- for your personal information.

For example, say you bank with Bank ABC. You receive an e-mail with the Bank ABC logo on it, saying something like:

  • "We are increasing security to the Bank ABC banking website. In order to access your information and to prevent any disruption to your account, you need to update your information. Click here to confirm your information."
  • "As part of Bank ABC's efforts to regularly verify accounts, we encountered a problem with your account. Please click here to verify your information."
  • "There may be an unauthorized transaction on your account. Click on this link to verify your identity."

When you click the link in that e-mail, you are brought to a site that looks remarkably like the bank's regular site, but in truth, it's a fraud.

These guys are smart. They know thousands and thousands of people do business with big-name financial companies. If they send out enough e-mails, they're sure to hit someone who has an account with the company the fraudsters are impersonating.

You're right -- your credit card issuer should have your Social Security number and all your other personal information on file, and you'd never be asked by a legitimate company to update your information via an e-mail link. Companies that do business online know there are hucksters out there trying to steal information from consumers, and they want to protect their customers. To that effect, if there's a true problem with your account, companies will generally tell you to call them or visit their corporate site directly. They may also try to contact you by snail mail.

Whenever you receive a communication like this one, protect yourself. Start by never clicking on the link in the e-mail. Then, open a fresh browser and type in the address for the authentic company's website. Log in the way you normally do, and you should be able to see if the company needs something from you. (They may place a "notice" at the top of your account page or something like that.) Or simply call them using the phone number on your credit card or monthly statement.

The Federal Trade Commission (FTC) offers other identity theft protection tips for consumers:

  • Do not respond: If the e-mail you receive has a website address or a phone number, don't respond using that contact information. Check your statement for the correct contact information and reach your company that way.
  • Update your computer security: Use and regularly update your anti-virus, anti-spyware and firewall software.
  • Never e-mail personal or financial information: Because there's a risk your information can get in the wrong hands, never send this kind of information in an e-mail. If you've initiated the transaction with a company you trust, the FTC says you should look for indicators that the site is secure, such as a URL for a website that begins with "https:" (The "s" stands for "secure"). Never give out account numbers, credit card numbers or other information via e-mail.
  • Read your statements: Check your account statements regularly to make sure there's no unauthorized activity on your account.
  • Check your credit reports: Check your credit reports regularly to make sure there's no suspicious activity with any of your accounts.
  • Do your part: If you've received a phishing e-mail, forward it to the company that's being impersonated. Most companies have security divisions that investigate fraudulent e-mails, and you can find the e-mail address to which you can report problems on the company's website. You can also file a complaint with the FTC at the FTC's Identity Theft website.

So, Confused, I'm really glad you asked this question. Forward that e-mail to your credit card company's fraud division, and let's hope they can track down the con artists. Maybe someday, if we're all vigilant about sharing information, the joke will be on them.

See related: What phishing is and how to prevent it, New rules force merchants to help fight ID theft, Take these steps to protect yourself from identity theft, ID theft sample letters

Meet CreditCards.com's reader Q&A experts

Does a personal finance problem have you worried? Monday through Saturday, CreditCards.com's Q&A experts answer questions from readers. Ask a question, or click on any expert to see their previous answers.

Published: January 28, 2009


Join the discussion
We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.




Follow Us


Updated: 09-25-2016


Weekly newsletter
Get the latest news, advice, articles and tips delivered to your inbox. It's FREE.


ADVERTISEMENT