Cyber Security Center

Don't Get Tricked by "Phishing" Emails

Tips

• Add your phone numbers to the national Do Not Call Registry online or by calling 1-888-382-1222. Since February 2008, these registered telephone numbers will no longer expire off the list.
• Examine your credit card and financial institution statements immediately upon receipt to determine whether there were any unauthorized transactions. Report any that you find immediately to the financial institution.

Quarterly

• Place a fraud alert with Equifax every 90 days on your credit file online or by calling 1-800-525-6285. By placing a fraud alert with Equifax, you will automatically have alerts placed at Experian and TransUnion.

Annually

• Each year, you are entitled to one free credit report through Annual Credit Report online or by calling 1-877-322-8228.
• Request a copy of your Social Security statements to be sure that no one else is using your social security number for employment.

Every 5 Years

• Opt-out of pre-screened credit offers by calling 1-888-567-8688 or at the Opt Out Screen website.

Protect your Identity

Identity Theft is the most popular and profitable form of consumer fraud. It occurs when someone uses your personal information such your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes.

Common ways Identity Theft can happen:

• “Old Fashioned” Stealing - Thieves typically steal wallets and purses. They also steal mail such as credit card and bank statements, pre-approved credit card offers, check orders, and other financial mail.
• Dumpster Diving - Thieves dig through trash looking for bills, financial or other personal information.
• Change of Address - Thieves modify or redirect your billing statements to another address by completing a “change of address” form.
• Phishing - Thieves may send unsolicited emails, pretending to be a financial institution or company, asking you to click a link to update or confirm your personal or login information. The link is directed to a “spoof” website designed to look like a legitimate site.
• Skimming - Thieves may use a card reader device to copy the card’s magnetic strip to duplicate without the card owner’s knowledge.

Monitor your accounts

Keep track of transactions on your accounts by logging into your credit card or financial institution’s websites, where you can view your activity as it is posted.

Protect your personal information

• Do not carry your Social Security Card in your wallet.
• Do not have personal information such as your Social Security number and your driver’s license number printed on your checks.
• Keep your new and cancelled checks in a safe place.
• Do not leave your purse, wallet, checkbook, or any other forms of identification in your car.
• Shred or tear up any documents containing banking or credit information, especially pre-approved credit offers, before you throw them away. To opt out of pre-approved credit card offers, call 1-888-567-8688.

Mail & Phone

Learn ways to protect yourself from common fraud schemes.

Vishing

Vishing scams target consumers by “spoofing” text or voicemail messages that ask you to call a phone number and give your personal information. Here’s how it works:

• You receive a “spoof” email or text message about suspicious account activity.
• The text or voicemail will ask you to call a “customer service” number.
• When you call the customer service number, a recording will ask you to provide personal information such as account numbers, passwords, a social security number, or other critical information.
• The recording may not mention the company’s name and could potentially be an indication the call is being used for fraud.
• You can also receive a phone call.
• The call could be a “live” person or a recorded message.
• The call may already have your personal information, which may seem as if the call is legitimate.

Smishing 

Smishing is when consumers’ cell phones and other mobile devices are targeted with mobile spam. The spam, or text messages, attempt to trick consumers into providing personal information. Here’s how it works:

• You receive a fake text message, which may include a fraudulent link, asking you to register for an online service.
• The scammer attempts to load a virus onto your cell phone or mobile device.
• The scammer may also send a message ‘warning’ you that your account will be charged unless you cancel your supposed online order.
• When you attempt to log on to the website, the scammer extracts your credit card number and other personal information.
• In turn, your information is used to duplicate credit, debit, and ATM cards.
• Scammers may also send you a text message again ‘warning’ you that your bank account has been closed due to suspicious activity.
• The text message will ask you to call a ‘customer service’ number to reactivate your account.
• When you call the number, you are taken to an automated voice mail box that prompts you to enter your credit card, debit card or ATM card number, expiration date, and PIN to verify your information.
• Again, your information is used to duplicate credit, debit and ATM cards.

Lottery/Sweepstakes Scams 

Lottery/Sweepstakes scams target consumers by a notification, which arrives through the mail, by email, or by an unsolicited telephone call. Here’s how it works:

• The notification advises you have won a prize, but you did not enter in any type of lottery or sweepstake by the promoter contacting you.
• The promoter will ask you to send payment to cover the cost of redeeming the fake prize.
• In this type of scam, you may rarely if ever receive any winnings in return.

Check Overpayment Scams

Check overpayment scams target consumers who sell items though an online auction site or a classified ad. Here’s how it works:

• The ‘buyer’ writes a counterfeit cashier’s check, money order, corporate or personal check for more than the agreed-upon price.
• The ‘buyer’ asks the seller to wire back the difference after the check has been deposited.
• The check will more than likely bounce and the seller loses the money they 'returned'.

Tips for the Mailbox

• Deposit outgoing mail at the Post Office.
• Remove incoming mail from your personal mailbox as soon as possible, or use a P.O. Box or locked, secure mailbox.
• Request a mail hold from the United States Postal Service or call them at 1-800-275-8777 if you plan to be away from home for an extended period.
• Know your billing cycles. If bills are late or missing, contact your creditors.
• Watch for your new or replacement credit, debit and ATM cards. If you do not receive them, contact your creditors.
• Switch to a more secure way of receiving account statements.

Tips for the Phone

• Do not give out personal information, such as your account numbers, card numbers, Social Security, tax identification numbers, passwords or PINs, unless you have initiated the call.
• Be wary of unsolicited calls requesting your personal information.
• If you ever believe you are not talking to a representative of a legitimate company, hang up and call the number listed on your account statements, on the company website or on your credit, debit, or ATM cards.

Stay Safe Online

Computer Protection Tips

• Update your computer operating system on a regular basis.
• Keep your browser current with the latest security updates.
• Use updated anti-virus software and consider using more than one, to ensure the most thorough scan.
• Change your passwords on a regular basis, as a good practice to help prevent unauthorized access.
• Download free software only from websites that you know and trust.
• Do not install software without knowing exactly what it is or what it will do (read the end-user license agreement).
• Close pop-up ads by clicking on the “X” instead of clicking within the advertisement itself.
• Review your browser security settings and set them to a high enough level to help detect unauthorized downloads. (Click your browser’s “Help” menu for steps.)
• Do not click links inside of spam or suspicious email. Especially emails claiming to offer anti-spyware software.
• Install a personal firewall on your computer. A firewall works like a filter that prevents access to information on your computer.
• Don’t give any of your personal information to any websites that do not use encryption of other secure methods to protect it.

Phishing and Spoofing

Phishing scams target consumers by “spoofing” text or voicemail messages that ask you to call a phone number and give your personal information.

Avoid Spoofed Websites

To protect yourself from going to a spoofed website, always type the correct website address into your browser when you login to your account, instead of clicking on a link in an email.

Email Protection Tips

• Do not click links in emails to log in, or to update or confirm your sensitive information.
• Do not fill out forms in emails.
• Be cautious about opening attachments or downloading files, regardless of who sent them.
• ‘Spam’, or mass email messages, often contain links to phishing websites or other unsavory websites.
• Be wary of emails from people or sources you don’t know or trust.
• Poor grammar and misspelled words from unknown sources asking you for personal information are clear warning signs of a phishing scam.
• Legitimate companies or organizations will never ask you to divulge any personal information over email.
• Phishing emails may also be fake contests or offerings, asking you to input personal information.
• If an offer or email you receive is too good to be true, it most likely is.

Useful Links

• Stop Think Connect
• Stay Safe Online
• Identity Theft
• Do Not Call Registry
• Social Engineering Red Flags (pdf)

What to Do

If you believe that you have been a victim of identity theft, visit the Identity Theft website, the federal government’s one-stop resource to help you report and recover from identity theft.