What is Phishing and how do I avoid it?
Phishing is a form of online identity theft in which fraudsters trick Internet users into submitting personal information to illegitimate web sites.
Phishing scams are usually presented in the form of spam or pop-ups and are often difficult to detect. Once the fraudsters obtain your personal information, they can use it for all types of identity theft, putting your good credit and good name at risk.
Some computer users (and even some IT professionals) have been confused about the definition of a "phishing" attack. What exactly is a phishing attack? A phishing attack is when you receive an official-looking e-mail from an online banking or financial institution – it could even be eBay or PayPal, or any other service that deals with money. The email states that you should click a link and confirm your login and password to this particular institution (or enter your account number or credit card number).
As soon as you click on the link, you are sent to a Web page that looks remarkably similar to the company's real Web site, but it's not the company's real Web site. What is happening is that you are sent to a fake page that is controlled by the criminal who is behind the phishing scheme. As soon as you type your login\password or account information or credit card number, the thieves or hackers capture the information and then commit identity theft by using your credit card or stealing money from your account.
Because phishing is one of the most devious forms of identity theft, it is important for you to become familiar with various types of phishing scams as well as to learn how to guard against them.
Here are some tips for avoiding and dealing with phishing attempts...
- Stop, Look and Call - The Department of Justice advises users to "Stop, Look and Call" if they receive a suspicious email.
Stop : Resist the urge to immediately respond to a suspicious email, no matter how urgent the claims seem. These criminals try to upset you into acting quickly by threatening you with frightening information.
Look : Read the text of the email thoroughly several times. Ask yourself why this information is being requested. Remember, any company or financial institution you are currently doing business with would already have this information and would not need to request it.
Call : Telephone the organization identified. Use a phone book or call the phone company's information number (411) for the phone number to make sure it is legitimate.
- Be especially cautious of emails that:
1. Come from unrecognized senders
2. Ask you to confirm personal or financial information over the Internet and/or make urgent requests for this information.
3. Are not personalized.
4. Have misspellings in the subject. (A fair number of these attempts come from foreign countries where English may not be their first language)
5. Come from recognized senders but have subjects that seem strange or out of character.
6. Strike you as odd or wrong. Trust your gut. If it feels wrong contact the sender but do not use links inside the suspicious e-mail as they may not be legitimate.
- Do not click on links, download files or open attachments in emails from unknown senders - It is best to open attachments only when you are expecting them and know what they contain, even if you know the sender
- Never email personal or financial information, even if you are close with the recipient. You never know who may gain access to your email account, or to the person's account to whom you are emailing
- Beware of links in emails that ask for personal information, even if the email appears to come from an enterprise you do business with. Phishing web sites often copy the entire look of a legitimate web site, making it appear authentic. To be safe, call the legitimate enterprise first to see if they really sent that email to you. After all, businesses should not request personal information to be sent via email.
- If you suspect a web site might be false, supply an incorrect password first. A bogus web site will accept it, but a legitimate one won't.
- Protect your computer with appropriate security software such as Virus Protection Software, Malware Protection Software and a Firewall. You'll also want to make sure you keep your software up-to-date.
- Beware of Pop-ups. Never enter personal information in a pop-up screen. Do not click on links in a pop-up screen. Do not copy web addresses into your browser from pop-ups. If you can avoid clicking on them at all. Try shutting them down by right-clicking on your task bar and closing them or by opening Task Manager and closing them that way.
Bank of Brodhead will never ask you to provide, update or verify personal or account information through unsolicited email or text message, such as:
Social Security Number
Credit or Debit Card Numbers
Personal Identification Number (PIN)
Online Banking User ID or Password
You can report a suspicious email that uses the Bank of Brodhead logo or name by contacting our Customer Service department at (608)897-2121.
Please Contact Customer Service at (608)897-2121 if you have questions or we can help you in any way.