| | How
to avoid phishing scams
|
From the Anti-Phishing Working
Group
The number and sophistication of phishing scams sent out
to consumers is continuing to increase dramatically. While online banking and
e-commerce is very safe, as a general rule you should be careful about giving
out your personal financial information over the Internet. The Anti-Phishing Working
Group has compiled a list of recommendations below that you can use to avoid becoming
a victim of these scams.
- Be suspicious of any email with urgent requests
for personal financial information
- unless the email is digitally signed,
you can't be sure it wasn't forged or 'spoofed'
- phishers typically include
upsetting or exciting (but false) statements in their emails to get people to
react immediately
- they typically ask for information such as usernames,
passwords, credit card numbers, social security numbers, etc.
- phisher
emails are typically NOT personalized, while valid messages from your bank or
e-commerce company generally are
- Don't use the links
in an email to get to any web page, if you suspect the message might not be authentic
- instead, call the company on the telephone, or log onto the website directly
by typing in the Web adress in your browser
- Avoid
filling out forms in email messages that ask for personal financial information
- you should only communicate information such as credit card numbers
or account information via a secure website or the telephone
-
Always ensure that you're using a secure website when submitting credit card or
other sensitive information via your Web browser
- to make sure you're
on a secure Web server, check the beginning of the Web address in your browsers
address bar - it should be "https://" rather than just "http://"
- Consider installing a Web browser tool bar to help
protect you from known phishing fraud websites
- EarthLink ScamBlocker
is part of a free browser toolbar that alerts you before you visit a page that's
on Earthlink's list of known fraudulent phisher Web sites.
- Its free to
all Internet users - download at http://www.earthlink.net/earthlinktoolbar
- Regularly
log into your online accounts
- don't leave it for as long as a month
before you check each account
- Regularly check your
bank, credit and debit card satements to ensure that all transactions are legitimate
- if anything is suspicious, contact your bank and all card issuers
-
Ensure that your browser is up to date and security patches applied
- in
particular, people who use the Microsoft Internet Explorer browser should immediately
go to the Microsoft Security home page -- http://www.microsoft.com/security/ --
to download a special patch relating to certain phishing schemes
-
Always report "phishing" or “spoofed” e-mails to the following groups:
-
forward the email to reportphishing@antiphishing.com
- forward the email to the Federal Trade Commission at spam@uce.gov
- forward the email to the "abuse" email address at the company that is
being spoofed (e.g. "spoof@ebay.com")
- when forwarding spoofed messages,
always include the entire original email with its original header information
intact
- notify the Internet Fraud Complaint Center of the FBI by filing
a complaint on their website: www.ifccfbi.gov/
|
|
Consumer Advice:
What To Do If You've
Given Out Your Personal Financial Information
Phishing attacks are growing quite sophisticated and difficult
to detect, even for the most technically savvy people. And many
people are getting onto the Internet and using email or Web browsers
for the first time. As a result, some people are going to continue
to be fooled into giving up their personal financial information
in response to a phishing email or on a phishing website. If you
have been tricked this way, you should assume that you will become
a victim of credit card fraud, bank fraud, or identity theft.
Below is some advice on what to do if you are in this situation
(note - some of this information is specific to United States
federal laws):
|
If
you have given out your credit or debit or ATM card information |
- Report the theft of this information to the card issuer as
quickly as possible
- Many companies have toll-free numbers and 24-hour service
to deal with such emergencies.
- Cancel your account and open a new one
- Review your billing statements carefully after the loss
- If they show any unauthorized charges, it's best to send
a letter to the card issuer describing each questionable
charge.
- Credit Card Loss or Fraudulent Charges (FCBA).
- Your maximum liability under federal law for unauthorized
use of your credit card is $50.
- If the loss involves your credit card number, but not
the card itself, you have no liability for unauthorized
use
- ATM or Debit Card Loss or Fraudulent Transfers (EFTA).
- Your liability under federal law for unauthorized use
of your ATM or debit card depends on how quickly you report
the loss.
- You risk unlimited loss if you fail to report an unauthorized
transfer within 60 days after your bank statement containing
unauthorized use is mailed to you
|
If
you have given out your bank account information |
- Report the theft of this information to the bank as quickly
as possible
- Cancel your account and open a new on
|
If
you have given out your eBay account |
|
If someone else is using your account to bid, leave feedback,
or list auctions without your permission:
- Contact eBay
- eBay has set up a link for HIJACKED
ACCOUNTS
- If someone is currently listing auctions on your account, you
may also use the hotline options:
- Member Problems... Law Enforcement...
Please Investigate a Current Listing for Possible Fraudulent Activity
- Please only use this option if there are current fraudulent auctions.
- Attempt
to sign in and change your password
- If you are able to sign in, change
your password and hint immediately, and begin to undo any damage done by the hackers
- remove any bogus auctions, contact bidders and sellers, etc.
- If
you were unable to regain control of your own account, eBay will likely suspend
it for a while until they complete their investigatio
|
If
you have downloaded a virus or Trojan |
|
Some phishing attacks use viruses and/or Trojans to install programs
called "key loggers" on your computer. These programs
capture and send out any information that you type to the phisher,
including credit card numbers, usernames and passwords, Social
Security Numbers, etc. In this case, you should:
- Install and/or
update anti-virus and personal firewall software
- Update all virus definitions
and run a full scan
- Confirm every connection your firewall allows
- If
your system appears to have been compromised, fix it and then change your password
again, since you may well have transmitted the new one to the hacker
-
Check your other accounts! The hackers may have helped themselves to many different
accounts:
- Check your eBay account, PayPal, your email ISP, online bank
accounts, online trading accounts, Amazon.com and other e-commerce accounts, and
everything else for which you use online password
|
|
If
you have given out your personal identification information |
|
Identity theft occurs when someone uses your personal information
such as your name, Social Security number, credit card number
or other identifying information, without your permission to commit
fraud or other crimes. If you have given out this kind of information
to a phisher, you should do the following:
- Report the theft to the three major credit reporting agencies, Experian, Equifax
and TransUnion Corporation, and do the following:
- Request that they place
a fraud alert and a victim’s statement in your file.
- Request a FREE copy
of your credit report to check whether any accounts were opened without your consent.
- Request that the agencies remove inquiries and/or fraudulent accounts
stemming from the theft.
- Major Credit Bureaus
- Equifax
- www.equifax.com
- To order your report, call: 800-685-1111 or write:
P.O. Box 740241, Atlanta, GA 30374-0241
- To report fraud, call: 800-525-6285
and write: P.O. Box 740241, Atlanta, GA 30374-0241
- Hearing impaired call
1-800-255-0056 and ask the operator to call the Auto Disclosure Line at 1-800-685-1111
to request a copy of your report.
- Experian - www.experian.com
- To order your report, call: 888-EXPERIAN (397-3742) or write: P.O. Box
2002, Allen TX 75013
- To report fraud, call: 888-EXPERIAN (397-3742) and
write: P.O. Box 9530, Allen TX 75013 TDD: 1-800-972-0322
- Trans
Union - www.transunion.com
- To order your report, call: 800-888-4213 or
write: P.O. Box 1000, Chester, PA 19022
- To report fraud, call: 800-680-7289
and write: Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92634
TDD: 1-877-553-7803
- Notify your bank(s) and ask them
to flag your account and contact you regarding any unusual activity:
- If
bank accounts were set up without your consent, close them.
- If your ATM
card was stolen, get a new card, account number and PIN.
- Contact
your local police department to file a criminal report.
- Contact the
Social Security Administration’s Fraud Hotline to report the unauthorized use
of your personal identification information.
- Notify the Department of
Motor Vehicles of your identity theft.
- Check to see whether an unauthorized
license number has been issued in your name.
- Notify the passport
office to be watch out for anyone ordering a passport in your nameFile a complaint
with the Federal Trade Commission.
- Ask for a free copy of "ID Theft:
When Bad Things Happen in Your Good Name", a guide that will help you guard
against and recover from your theft.
- File a complaint with
the Internet Fraud Complaint Center (IFCC)
- http://www.ifccfbi.gov/index.asp
- The Internet Fraud Complaint Center (IFCC) is a partnership between the
Federal Bureau of Investigation (FBI) and the National White Collar Crime Center
(NW3C), with a mission to address fraud committed over the Internet.
- For
victims of Internet fraud, IFCC provides a convenient and easy-to-use reporting
mechanism that alerts authorities of a suspected criminal or civil violation.
- Document the names and phone numbers of everyone you speak
to regarding the incident. Follow-up your phone calls with letters. Keep copies
of all correspondence.
|
For
More Information | | |
|
Click
here to return to the DEVJOBS Home Page
|
