Phishing is a slang term used to describe how criminals trick consumers into divulging sensitive information such as bank or credit card account numbers or passwords. These criminals may send you an email, show you a popup online, or call you and claim that they represent a business and that they need you to update or confirm or validate sensitive information. Sometimes they threaten consequences if you don't divulge this information. No matter how innocent phishing sounds, it allows criminals to put a nasty hook into your personal information. Basically, phishing is a criminal enterprise which uses phony email messages and fake websites to steal personal information — the kind of information that leads to identity theft.
How Phishing Works
A typical phishing scam, or spoof, works like this:
- You receive an email message claiming to be from a well-known company with important information about your account;
- The message urges you to take action — even warning of possible account suspension — and includes a link to the company's website;
- The website instructs you to update or verify certain personal information, such as your password, credit card number or Social Security number.
While the email and website appear to be legitimate, they are bogus and exist only to steal your information.
Tips to Avoid Phishing Scams
Avoid getting spoofed. Keep these simple tips in mind to protect your personal and account information:
- If you receive an email or pop-up message that asks for personal or financial information, do not reply. Legitimate companies do not ask for this information via email. Never use email to send sensitive, personal, or financial information. Email is not secure.
- Do not click on any link in an unsolicited or suspicious email. You may check each link by rolling your mouse over it. (Your email program or browser should display the address.) If you have a concern about your account, open a new web browser, type in the company's address and log in to your account as you normally would. If there is an urgent matter related to your account, you'll probably see it there.
- Only use secure websites for sensitive personal data. (A secure website has an address that begins with https and the browser will display a padlock icon.)
- Do not provide sensitive information to callers; call the business back at a number documented on bills or other business documents.
- Spoofs try to create urgency by warning of account suspension if the information is not updated or confirmed by a specific date. Most companies do not treat customers this way.
To make your Internet experience more secure, consider these suggestions, in addition to those above:
- Use anti-virus and anti-spyware software and a firewall.
- Update these security programs, your browser, and your operating system regularly.
- Find out more at OnGuard Online
Tips on Authenticating Websites
Where am I? On the Internet you may not be where you think you are. Fraudsters can create fake sites that seem entirely authentic. To combat this, most businesses provide a way for you to authenticate that you are where you think you are. GEICO employs Trustwave to authenticate the website.
If you click on the Trustwave logo, it will tell you the site is registered to GEICO and that the registration is current. (This information is displayed on Trustwave's site, where the URL will look something like this, depending on the website on which the logo appears: https://sealserver.trustwave.com/cert.php?customerId=&size=105x54&style=normal&baseURL=www.geico.com)
Steps Victims Can Take
If you think you have been the victim of a phishing email or suspicious phone call, consider the following steps:
- Review your bank and credit card statements regularly and thoroughly.
- Contact your financial institution immediately and block any accounts or cards that may have been compromised.
- Order credit reports from the major bureaus; have fraud warnings placed on them.
- Forward the suspect email to email@example.com and to the company falsely represented in the email. Most organizations have information on their websites about where to report problems.
- File a complaint with the Federal Trade Commission. You should also visit the FTC's Identity Theft website.
- If you think you have received a phishing email or suspicious phone call from someone saying they represented GEICO, you should forward the mail or caller information to: firstname.lastname@example.org.