Additional Tips & Info on Phishing

  • 3.5 million Americans fell for phishing scams in 2006, almost double the number in 200; average cost to victims: $1244, compared with $256 last year
  • Recent news reports on criminals targeting financial institutions; attacks jumped from just 4% in the last 6 months of 2005 to 14% in the first 6 months of 2006
  • Beware this new phishing scam: SPIM (instead of email, messages are sent via IM spam)
  • A recent cyber security study found consumers are overconfident about their ability to identify fraudulent phishing emails
  • Federal government's interactive phishing game
  • According to fraud.org, among the top 10 Internet scams in 2005, phishing victimized the most consumers over age 60
  • Can you tell the legit emails from the fakes? Take the Phishing IQ Test!
  • For Internet Explorer users: download this free toolbar to help protect you from phishing attempts

Hook, Line & Stinker

Don't get reeled in by phishing scams


Phishing poster from Indiana University

Copyright Trustees of Indiana University, 2006

In a phishing scam, a criminal sends you an email message that appears to come from a legitimate source, like your bank or some other reputable company. The message, which may look very authentic, instructs you to follow an enclosed Web link -- usually to "confirm your account" or "verify your information immediately." But the link actually sends you on to a counterfeit Web site that looks like the real one.

Don't click that link! You could be giving away the keys to your financial accounts, your personal information, and your computer.

And if you're already confident that you can recognize a fake... think again. A recent cyber security study revealed that consumers are overconfident about identifying online scams. While 87 percent of consumers polled said they were sure they could recognize fraudulent emails, 61 percent failed to identify a legitimate email. It's simply very difficult to tell the difference, even for experienced computer users.

That's because in recent years, criminals have gotten much more sophisticated with their phishing scams. At one time, fraudulent email messages or pop-up advertisements were full of typos and grammatical errors, obviously incorrect Web links, and fake-looking graphics, so an imitation was much easier to spot.

But now, phony messages often look incredibly real, with accurate logos and no noticeable errors. Even the return email address and Web links look credible.

How to avoid falling for a phishing scam -- and protect your loved ones, too

To be safe, simply never click the links provided in emails or pop-up messages asking you to verify your information. And make sure you remind teens and seniors not to take the bait, either.

It's particularly important to help older computer users understand phishing. According to fraud.org, among the top 10 Internet scams in 2005, phishing victimized the most consumers over age 60.

Criminals target senior citizens because they may be less familiar with the Internet and tend to be more trusting than younger computer users.

Phishing tactics

You can protect yourself by understanding what kinds of information phishers might request from you.

Phishing messages usually claim that you need to "confirm your account" or "verify your identity immediately" because your account is expiring or about to be closed. Or, the message may claim the company's "systems are being updated." Many times the claim is followed by the assertion that something bad may happen if you do not comply.

Don't believe it. Be particularly suspicious if the information requested from you includes your password, credit card number, bank account information, or Social Security number. Such requests are a red flag.

Remember: Legitimate companies, agencies, and organizations don't ask for personal information via email or pop-up screens!

But what if the message is real?

So, what if you aren't sure whether the message is real, and you're afraid your bank or another company has sent you a legitimate email you need to respond to?

If you are concerned that a message might be legitimate, contact the company directly. Either give them a call to see if you really do need to take the action described in the email message, or go directly to the company's Web site -- but not through the link provided! Don't cut and paste the link from the message into your Internet browser, either -- phishers can make a link appear to point to one address, when it actually sends you to a different site.

Instead, manually type the company's official URL into your Internet browser, or if you aren't sure of its real Web address, go to a search engine such as Google and search for the company by name there.

Remember, as the UVA Community Credit Union says: When you contact us, we need to verify who you are. When we contact you, we already know!

Report it!

Before you delete a fraudulent message, take the extra step of forwarding it to the company, bank, or organization impersonated in the phishing email. Doing so will help protect you, your fellow consumers, and the companies being spoofed.

Many companies and organizations have an email address to which you can forward the fraudulent email. For example, PayPal is a common target of phishing scammers, so if you receive a fake email claiming to be from PayPal, you can forward it to spoof@paypal.com. Most organizations have information on their Web sites about where to report scams.

You can also report phishing and other Internet fraud to the Federal Trade Commission (FTC) by forwarding the message to spam@uce.gov or by filling out the online Consumer Complaint Form.

And finally, you can send details to the Anti-Phishing Working Group at reportphishing@antiphishing.org, which is building a database of common scams to which people can refer.

Once you've reported a phishing message, get rid of it. Close the pop-up window (and consider installing some pop-up blocker software!) or delete the fraudulent email message and then empty it from your trash folder.