Legal, Regulatory, and Privacy Issues

Don’t take the bait when you receive a ‘phishing’ e-mail


Legitimate companies don’t ask for your private, personal information via e-mail. Don’t let a logo lure you into a ‘phishing’ scam or in can cost you.

The content on this page is accurate as of the posting date; however, some of our partner offers may have expired. Please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.

Question for the expert

Dear Opening Credits,
I got an e-mail the other day that appeared to be from my credit card company, and it said that they needed some information from me to update my account. My Social Security number was one of the things they asked for. I haven’t had my card very long, and it seemed weird to me. Shouldn’t they already have that? Is something funny going on? — Confused

Answer for the expert

Dear Confused,
Yes, there is something funny going on, and this is no laughing matter. Don’t reply to that e-mail!

The e-mail you received sounds like classic phishing. It’s a scam.

Swindlers send out e-mails to unsuspecting consumers, trying to lure them into providing personal data that could be used to steal their identities or to make unauthorized transactions on their accounts. These con artists are fishing — that’s where the name “phishing” comes from — for your personal information.

See related: What phishing is and how to prevent it, Take these steps to protect yourself from identity theft, ID theft sample letters

For example, say you bank with Bank ABC. You receive an e-mail with the Bank ABC logo on it, saying something like:

  • “We are increasing security to the Bank ABC banking website. In order to access your information and to prevent any disruption to your account, you need to update your information. Click here to confirm your information.”
  • “As part of Bank ABC’s efforts to regularly verify accounts, we encountered a problem with your account. Please click here to verify your information.”
  • “There may be an unauthorized transaction on your account. Click on this link to verify your identity.”

When you click the link in that e-mail, you are brought to a site that looks remarkably like the bank’s regular site, but in truth, it’s a fraud.

These guys are smart. They know thousands and thousands of people do business with big-name financial companies. If they send out enough e-mails, they’re sure to hit someone who has an account with the company the fraudsters are impersonating.

You’re right — your credit card issuer should have your Social Security number and all your other personal information on file, and you’d never be asked by a legitimate company to update your information via an e-mail link. Companies that do business online know there are hucksters out there trying to steal information from consumers, and they want to protect their customers. To that effect, if there’s a true problem with your account, companies will generally tell you to call them or visit their corporate site directly. They may also try to contact you by snail mail.

Whenever you receive a communication like this one, protect yourself. Start by never clicking on the link in the e-mail. Then, open a fresh browser and type in the address for the authentic company’s website. Log in the way you normally do, and you should be able to see if the company needs something from you. (They may place a “notice” at the top of your account page or something like that.) Or simply call them using the phone number on your credit card or monthly statement.

The Federal Trade Commission (FTC) offers other identity theft protection tips for consumers:

  • Do not respond: If the e-mail you receive has a website address or a phone number, don’t respond using that contact information. Check your statement for the correct contact information and reach your company that way.
  • Update your computer security: Use and regularly update your anti-virus, anti-spyware and firewall software.
  • Never e-mailpersonal or financial information: Because there’s a risk your information can get in the wrong hands, never send this kind of information in an e-mail. If you’ve initiated the transaction with a company you trust, the FTC says you should look for indicators that the site is secure, such as a URL for a website that begins with “https:” (The “s” stands for “secure”). Never give out account numbers, credit card numbers or other information via e-mail.
  • Read your statements: Check your account statements regularly to make sure there’s no unauthorized activity on your account.
  • Check your credit reports: Check your credit reports regularly to make sure there’s no suspicious activity with any of your accounts.
  • Do your part: If you’ve received a phishing e-mail, forward it to the company that’s being impersonated. Most companies have security divisions that investigate fraudulent e-mails, and you can find the e-mail address to which you can report problems on the company’s website. You can also file a complaint with the FTC at the FTC’s Identity Theft website.

So, Confused, I’m really glad you asked this question. Forward that e-mail to your credit card company’s fraud division, and let’s hope they can track down the con artists. Maybe someday, if we’re all vigilant about sharing information, the joke will be on them.

Editorial Disclaimer

The editorial content on this page is based solely on the objective assessment of our writers and is not driven by advertising dollars. It has not been provided or commissioned by the credit card issuers. However, we may receive compensation when you click on links to products from our partners.

What’s up next?

In Legal, Regulatory, and Privacy Issues

6 tips for choosing a money club

Looking at joining an existing money club? Here are six factors to consider to make the best match.

See more stories
Credit Card Rate Report Updated: November 25th, 2020
Cash Back

Questions or comments?

Contact us

Editorial corrections policies

Learn more