"Phishing" is a rapidly growing scam that is performed through email. If you haven't heard of it yet, it's not that complicated and very easy to avoid - you just need to know the facts.
According to the Federal Trade Commission (FTC), "phishers" send an email or pop-up message that claims to be from a business or organization that you deal with – for example, your Internet service provider (ISP), bank, credit card company, or even a government agency.
The message usually says that you need to “update” or “validate” your account information. It might threaten some dire consequence if you don’t respond. The message directs you to a Web site that looks just like a legitimate organization’s site, but it isn’t.
The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.
There are some simple ways to outwit these identity thieves:
- NEVER directly respond to e-mail asking for personal information. If you are a customer of Springfield State Bank, we already have your information and would not ask you to verify via email.
- If you doubt a message's authenticity, verify it by contacting the institution itself.
- Don’t email personal or financial information.Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s Web site, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
- When prompted for a password, give an incorrect one first. A phishing site will accept it; a legitimate one won’t.