Keim-web.com

Email users are being bombarded with authentic-looking messages that instruct them to provide sensitive personal information. It’s called “phising.” Individuals who “bite” are exposed to identity theft.

Phishing occurs when a consumer receives a deceptively-legitimate looking email from what appears to be a reputable company. The email asks recipients to update their credit card information or their account will be promptly terminated. Or the message offers a service to protect their credit cards from possible fraud. Or their bank is requesting them to update their information.

Often “phishing” spam messages will use legitimate ‘From:’ email addresses, logos, and links to reputable businesses such as AOL, PayPal, Best Buy, Earthlink and eBay in the message. But the message instructs you to click on a web link that sends you to a fake website where you are asked to provide personal information to the scam artists. Such sites will ask for information such as your name, address, phone number, date of birth, Social Security number (SSN), and bank or credit card account number. Providing this kind of information can leave consumers at risk for identity theft.

Ironically, many such bogus emails prey upon consumers’ fears of being exposed to fraud. They ask for updated credit card account information or other pieces of personal financial information and state that the consumer’s account will be terminated in the near future if the information requested is not provided.

• Don’t trust e-mail headers, which can be forged easily.

• Avoid filling out forms in e-mail messages. You can’t know with certainty where the data will be sent and the information can make several stops on the way to the recipient.

• If you click on a link in an e-mail message from a company be aware that many scam artists are making forgeries of company’s sites that look like the real thing. Verify the legitimacy of a web address with the company directly before submitting your personal information.

• If you go to a link offered in an unsolicited e-mail, check to see if there is an ’s’ after the http in the address and a lock at the bottom of the screen that indicates the link is secure and encrypts data. Though this is not an indication that the site is legitimate, an online form that asks a consumer to submit sensitive personal information should always be encrypted. Scam artists are less likely to have encrypted forms, but if they are trying to elicit personal information, they may take every precaution to make consumers believe their site is secure and therefore, legitimate.

Consumers who receive an email that fits the description of a phishing email should:

• Contact the legitimate company named in the email to confirm whether the request is from them. Most companies do not ask customers to confirm personal information by sending an email.

• If you have provided your personal information in response to a phishing email, you should assume that you will become a victim of identity theft. Follow the steps indicated in our identity theft victims guide, Fact Sheet 17a. If you gave your SSN to the web site, you should place fraud alerts on your 3 credit reports. If you provided your bank account or credit card number, you should cancel that account and open a new one. For more information about how to protect yourself, see our Fact Sheet 17a Identity Theft: What to do if It Happens to You atwww.privacyrights.org/fs/fs17a.htm.

• Read the information and tips put out by the Federal Trade Commission about this scam atwww.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm. Forward the suspicious email to the Federal Trade Commission’s address for unsolicited commercial email,spam@uce.gov You may also want to send the bogus email to the Anti-Phishing Working Group (www.antiphishing.org). Instructions for sending phishing emails to this organization are athttp://www.antiphishing.org/report_phishing.html.
• Notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website:www1.ifccfbi.gov/cf1.asp

Always be alert to phishing messages. Reputable companies DO NOT , I repeat DO NOT contact their customers and request that they update their files or verify their account or security settings.