Don't take the bait when you receive a 'phishing' e-mail
These messages may look legit, but clicking on them can cost you
By Karen Price Mueller | Published: January 28, 2009
Dear Opening Credits,
I got an e-mail the other day that appeared to be from my credit card company, and it said that they needed some information from me to update my account. My Social Security number was one of the things they asked for. I haven't had my card very long, and it seemed weird to me. Shouldn't they already have that? Is something funny going on? -- Confused
Yes, there is something funny going on, and this is no laughing matter. Don't reply to that e-mail!
The e-mail you received sounds like classic phishing. It's a scam.
Swindlers send out e-mails to unsuspecting consumers, trying to lure them into providing personal data that could be used to steal their identities or to make unauthorized transactions on their accounts. These con artists are fishing -- that's where the name "phishing" comes from -- for your personal information.
For example, say you bank with Bank ABC. You receive an e-mail with the Bank ABC logo on it, saying something like:
- "We are increasing security to the Bank ABC banking website. In order to access your information and to prevent any disruption to your account, you need to update your information. Click here to confirm your information."
- "As part of Bank ABC's efforts to regularly verify accounts, we encountered a problem with your account. Please click here to verify your information."
- "There may be an unauthorized transaction on your account. Click on this link to verify your identity."
When you click the link in that e-mail, you are brought to a site that looks remarkably like the bank's regular site, but in truth, it's a fraud.
These guys are smart. They know thousands and thousands of people do business with big-name financial companies. If they send out enough e-mails, they're sure to hit someone who has an account with the company the fraudsters are impersonating.
You're right -- your credit card issuer should have your Social Security number and all your other personal information on file, and you'd never be asked by a legitimate company to update your information via an e-mail link. Companies that do business online know there are hucksters out there trying to steal information from consumers, and they want to protect their customers. To that effect, if there's a true problem with your account, companies will generally tell you to call them or visit their corporate site directly. They may also try to contact you by snail mail.
Whenever you receive a communication like this one, protect yourself. Start by never clicking on the link in the e-mail. Then, open a fresh browser and type in the address for the authentic company's website. Log in the way you normally do, and you should be able to see if the company needs something from you. (They may place a "notice" at the top of your account page or something like that.) Or simply call them using the phone number on your credit card or monthly statement.
The Federal Trade Commission (FTC) offers other identity theft protection tips for consumers:
- Do not respond: If the e-mail you receive has a website address or a phone number, don't respond using that contact information. Check your statement for the correct contact information and reach your company that way.
- Update your computer security: Use and regularly update your anti-virus, anti-spyware and firewall software.
- Never e-mail personal or financial information: Because there's a risk your information can get in the wrong hands, never send this kind of information in an e-mail. If you've initiated the transaction with a company you trust, the FTC says you should look for indicators that the site is secure, such as a URL for a website that begins with "https:" (The "s" stands for "secure"). Never give out account numbers, credit card numbers or other information via e-mail.
- Read your statements: Check your account statements regularly to make sure there's no unauthorized activity on your account.
- Check your credit reports: Check your credit reports regularly to make sure there's no suspicious activity with any of your accounts.
- Do your part: If you've received a phishing e-mail, forward it to the company that's being impersonated. Most companies have security divisions that investigate fraudulent e-mails, and you can find the e-mail address to which you can report problems on the company's website. You can also file a complaint with the FTC at the FTC's Identity Theft website.
So, Confused, I'm really glad you asked this question. Forward that e-mail to your credit card company's fraud division, and let's hope they can track down the con artists. Maybe someday, if we're all vigilant about sharing information, the joke will be on them.
Meet CreditCards.com's reader Q&A expertsDoes a personal finance problem have you worried? Monday through Saturday, CreditCards.com's Q&A experts answer questions from readers. Ask a question, or click on any expert to see their previous answers.
- Q&A: Is a signature required for a new card application? – There are several ways to apply for a new card, including how you sign the application ...
- Steps to take when a fraudster opens a card in your name – A mysterious card statement that shows up in your name with a balance on it means you have to take action ...
- Q&A: How to raise credit score after student loan is rehabilitated – After a student loan default and rehab, the negative mark should disappear after 7 years, but you need additional positive credit lines contributing to your credit to rebuild a good score ...