Here’s How Phishing Works
In a typical case, you’ll receive an e-mail that appears to
come from a reputable company that you recognize and do business
with, such as your financial institution. In some cases, the
e-mail may appear to come from a government agency, including
one of the federal financial institution regulatory agencies.
The e-mail will probably warn you of a serious problem that
requires your immediate attention. It may use phrases, such as
“immediate attention required”, or “Please contact us
immediately about your account”. The e-mail will then encourage
you to click on a button to go to the institution’s website.
In a phishing scam, you could be redirected to a phony
website that may look exactly like the real thing. Sometimes, in
fact, it may be the company’s actual website. In those cases a
pop-up window will quickly appear for the purpose of harvesting
your financial information.
In either case, you may be asked to update your account
information or to provide information for verification purposes:
your Social Security number, your account number, your password,
or the information you use to verify your identity when speaking
to a real financial institution, such as your mother’s maiden
name or your place of birth.
If you provide the requested information, you may find
yourself the victim of identity theft.
How to Protect Yourself
Never provide your personal information in response to an
unsolicited request, whether it is over the phone or over the
internet. E-mails and internet pages created by phishers may
look exactly like the real thing. They may even have a fake
padlock icon that ordinarily is used to denote a secure site. If
you did not initiate the communication, you should not provide
If you believe the contact may be legitimate, contact the
financial institution yourself. You can find phone numbers
and websites on the monthly statements you receive from your
financial institution, or you can look the company up in a phone
book or on the internet. The key is that you should be the one
to initiate the contact, using contact information that you have
Never provide your password over the phone or in response
to an unsolicited internet request. A financial institution
would never ask you to verify your account information online.
Thieves armed with this information and your account number can
help themselves to your savings.
Review account statements regularly to ensure all charges
are correct. If your account statement is late in arriving,
call your financial institution to find out why. If your
financial institution offers electronic account access,
periodically review activity online to catch suspicious
What to do if You Fall Victim
Contact your financial institution immediately to alert it to
If you have disclosed sensitive information in a phishing
attack, you should also contact one of the three major credit
bureaus and discuss whether you need to place a fraud alert on
your file, which will help prevent thieves from opening a new
account in your name. Here is the contact information for each
bureau’s fraud division:
P.O. Box 740250
Atlanta, GA 30374
P.O. Box 1017
P.O. Box 6790
Fullerton, CA 92634
Report all suspicious contacts to the Federal Trade
Commission through the Internet at
www.consumer.gov/idtheft, or by calling 1-877-IDTHEFT.