The word "Phishing" is used to describe a type of identity theft by which scammers use fake Web sites and e-mails to fish for valuable personal information from consumers. The FBI also is calling it the "hottest and most troubling new scam on the Internet." Even the FDIC's good name was used fraudulently in a phishing scheme. Don't Take the Bait.
In the typical phishing scam, you receive an e-mail supposedly from a company or financial institution you may do business with or from a government agency. The e-mail describes a reason you must "verify" or "re-submit" confidential information such as bank account and credit card numbers, Social Security numbers, passwords and personal identification numbers (PINs) using a return e-mail, a form on a linked Web site, or a pop-up message with the name and even the logo of the company or government agency.
Perhaps you're told that your bank account information has been lost or stolen or that limits may be imposed on your account unless you provide additional details. If you comply, the thieves hiding behind the seemingly legitimate Web site or e-mail can use the information to make unauthorized withdrawals from your bank account, pay for online purchases using your credit card, or even sell your personal information to other thieves.
"These thieves are very good at convincing you that you are receiving a legitimate message or using a Web site from a trusted source," says Michael Benardo, a manager in the FDIC's Technology Supervision Branch.
While federal and state laws and industry practices generally limit dollar losses for unauthorized transfers from accounts, if an ID thief uses your name to commit fraud you are likely to spend sometimes hundreds or thousands of dollars correcting your credit files or otherwise defending yourself. Therefore, it's very important to be on guard against phishing scams and other types of Internet fraud.
Never provide your personal information in response to an unsolicited call, fax, letter, e-mail or Internet advertisement. "If you did not initiate the communication, do not give this information, regardless of how legitimate or genuine these people or entities may appear to be," says William Henley, Jr., an FDIC electronic banking specialist.
If you decide to initiate a transaction with a bank or other entity on the Web, take some simple precautions. Don't provide personal information to a Web site using a link from an e-mail or an Internet advertisement, no matter how legitimate it may appear. "Clicking on a link in an e-mail or an Internet ad is very risky," says Donald Saxinger, another FDIC electronic banking specialist. "You're always safer typing in the URL (Web address) from scratch, assuming you type it in correctly."
The problem with typing a URL incorrectly or guessing about a Web address is that some fraudulent, copycat sites deliberately use URLs that are very similar to, but not the same as, those for well-known companies or government agencies. When contacting your bank, for example, use the phone number or Web address listed on your monthly statements or other literature from the institution.