Avoid Phishing, Prevent Identity Theft
Imagine you have served more than 20 years in the military, received numerous commendations and built up a level of trust with your peers. You have become everything you want to be—perhaps even a bit more—and met every challenge head on and with success.
Then someone steals your identity through a phishing attack, using the good name of a familiar company to gain your information. They use this info for profit while leaving financial devastation in their wake — and all under your name.
Phishing and identity theft go hand-in-hand and are not always easy to identify. In fact, even the most intelligent and cautious of consumers can fall victim. Thankfully, there are things you can do to protect yourself.
The way it works—Phishing is a way to get people to share vital information, usually financial in nature, often through email and occasionally over the phone. The online phisher uses a real logo, and the email address even appears as if it’s from a legitimate and well-known company, while over-the-phone phishers act as if they represent a company you're familiar with. E-bay, PayPal™, Amazon and others have had, and continue to have, their names used by phishers. Even the Better Business Bureau has had its brand stolen and used in phishing scams.
Do companies care this is happening? Yes! A company’s “brand” is more than just its logo. It includes the company’s position in the market (McDonald’s or Walmart), reputation (Rolex or Ferrari), or how a name became the standard for everything else (Kleenex® or Post-It® notes). Many companies spend a great deal of time building their brands, and some brands are, in and of themselves, valued in the billions of dollars.
When someone takes that brand and uses it illegally, it tarnishes the brand’s image and can decrease its value. It can also lead to higher prices for consumers due to legal action, tighter security for websites, or legitimate communications with customers to inform them of an ongoing scam.
Basically, phishing scams cost everyone money, not just their victims.
How to protect yourself
The following are a few ways to protect yourself from phishing scams based upon recommendations from The Anti-Phishing Working Group (APWG), a group of individuals and companies that fight against online fraud.
- The simple things—If you’ve never bought anything from a company (Ebay, for example) chances are you won’t be getting an email from them. But if you have done business with the company and aren’t sure of the email, look for incorrect spellings and poor-quality images often found in phishing schemes.
- No rush—It is highly unlikely that any legitimate company will tell you, without prior warning, to contact them immediately; most will give you a few days to correspond. So beware of email messages that request immediate action, since that could be an indication of a phishing scheme.
- Protect your information—No company will ever ask for your social security number, account number, or password via email or even over the phone; they will only do so from secure sites when online, and will only ask for a simple identifier over the phone (e.g. the last four digits of your social security number, not the whole thing), so don't give it out.
- Ignore the links—If you’re not sure about an email, never click on a link it contains. It is possible to make one website address look like a different one. (For example, it may look like you are on www.yourbank.com, but in reality you are on www.phishersite.com.) Instead, either utilize a bookmark or type in the real site address.
You can find more information on this issue at www.antiphishing.org. And one last piece of advice:
- When all else fails—If you’re not sure what to do, just call the company in question. Odds are they’ll help if it is a real problem, and you can notify them of the phishing scam if it isn't.
Your help is needed
The easiest thing to do is just delete any phishing email you receive. However, doing sowon’t make the problem go away since no one else will know what you received, where it actually came from or who is responsible for it. For this reason, it’s absolutely imperative that consumers report the phishing emails they receive, and it’s quite easy to do:
- Mark it as spam—Most of the large providers (Yahoo!, Hotmail, etc.) have a button you can simply click to notify them the email you received is spam. From there, the sender’s information is entered into a database that can help the email provider stop similar ones in the future.
- Notify your email provider—If you have been absolutely overloaded by phishing emails, contact your email provider directly and report the abusive messages.
- Contact APWG—You can also send the message on to the Anti-Phishing Working Group using the guidelines here on their website.
By reporting these messages, you help build up a database of offenders, provide valuable information that can stop new types of attacks, and save companies and consumers millions of dollars.
Identity theft is one of the most difficult crimes to recover from, and it takes countless hours to track and resolve the problem. As more and more information about us circulates on the Internet—from online shopping to social media—we could fall prey to those who will use our information to ruin our credit. But a lot of ID theft takes place offline, with phone-based phishing and even “dumpster diving” being key ways thieves can steal your information.
Thankfully, there are things we can all do to protect ourselves whether online or off:
- Order a credit report at least once a year—Knowing what is on your credit report can help you catch a problem early and stop the crime from spiraling out of control. The earlier you catch the problem, the easier it will be to correct it. So head to AnnualCreditReport.com to get your copy.
- Watch unused accounts—Experts used to suggest closing unused credit accounts, but because credit scores are partially determined by the amount of credit you have available versus how much you are using, keeping some old (but paid off) accounts open can help your credit. But check on them once or twice a year to make sure they aren’t being used by an ID thief.
- Understand the protections that exist—The Fair and Accurate Credit Transactions Act (FACTA) was written to offer protections against identity theft. Detailed information on this legislation and specific consumer protections it contains can be viewed on the FDIC’s website.
- What to do if you’re a victim—If you ever find yourself a victim (or have been one in the past), contact your local police. Be prepared to provide as much information and documentation as possible to them, and get a copy of the police report. Creditors and credit reporting agencies may require you to show that a crime was committed.
- You’ll also want to report the crime to the Federal Trade Commission (FTC), which collects complaints about identity theft from consumers and stores them in a secure online database called the Consumer Sentinel that is available to law enforcement agencies worldwide. The FTC can also provide additional information on what you need to do as a victim of identify theft. You can contact the FTC’s Consumer Response Center at www.consumer.gov/idtheft/.
- Finally, you’ll want to contact the fraud units of the three credit reporting agencies—Equifax, Experian and Trans Union—and ask them to place a fraud alert on your credit report to help prevent new fraudulent accounts from being opened. In addition, as a victim of identify theft, these agencies are required to provide you with a free copy of your credit report every three months, allowing you to further monitor for illegal activity.
Remember, phishing scams and identity theft can affect anyone at any time—military or civilian, rich or poor, young or old, even company or customer. By taking a few steps to protect your finances and reporting the phishing attempts you do receive, you can keep your finances safe while helping to put phishers out of business.