Look Out for Phishing Scams

Phishing

Phishing is a slang term used to describe how criminals trick consumers into divulging sensitive information such as bank or credit card account numbers or passwords. These criminals may send you an email, show you a popup online, or call you and claim that they represent a business and that they need you to update or confirm or validate sensitive information. Sometimes they threaten consequences if you don't divulge this information. No matter how innocent phishing sounds, it allows criminals to put a nasty hook into your personal information. Basically, phishing is a criminal enterprise that uses phony email messages and fake websites to steal personal information—the kind of information that leads to identity theft.

How Phishing Works

A typical phishing scam, or spoof, works like this:

• You receive an email message claiming to be from a well-known company with important information about your account;
• The message urges you to take action—even warning of possible account suspension—and includes a link to the company's website;
• The website instructs you to update or verify certain personal information, such as your password, credit card number, or Social Security number.

While the email and website appear to be legitimate, they are bogus and exist only to steal your information.

Tips To Avoid Phishing Scams

Avoid getting spoofed. Keep these simple tips in mind to protect your personal and account information:

• If you receive an email or pop-up message that asks for personal or financial information, do not reply. Legitimate companies do not ask for this information via email. Never use email to send sensitive, personal, or financial information. Email is not secure.
• Do not click on any link in an unsolicited or suspicious email. You may check each link by rolling your mouse over it. (Your email program or browser should display the address.) If you have a concern about your account, open a new web browser, type in the company's address, and log in to your account as you normally would. If there is an urgent matter related to your account, you'll probably see it there.
• Only use secure websites for sensitive personal data. (A secure website has an address that begins with HTTPS and the browser will display a padlock icon.)
• Do not provide sensitive information to callers; call the business back at a number documented on bills or other business documents.
• Spoofs try to create urgency by warning of account suspension if the information is not updated or confirmed by a specific date. Most companies do not treat customers this way.

To make your Internet experience more secure, consider these suggestions, in addition to those above:

• Use anti-virus and anti-spyware software and a firewall.
• Update these security programs, your browser, and your operating system regularly.
• Find out more at OnGuard Online

Rewards for Survey Participation

GEICO has received reports of individuals receiving unsolicited emailed invitations to participate in a survey of GEICO customers in return for a reward. The invitations use the official GEICO name or logo, and/or purported images of GEICO buildings, and individuals report being prompted to pay for shipping charges using their personal credit card to claim the promised rewards. These surveys are not legitimate and do not originate from GEICO.

GEICO does conduct surveys to which you may be invited via email, within our mobile apps, on our website, or via our automated phone systems. However, GEICO emailed surveys and survey invitations:

• Will always be sent from the geico.com email address
• Will never require you to submit payment information

If you have received an invitation to participate in an alleged GEICO survey that requires you to provide payment information, the invitation and survey are fraudulent. If you believe you have been a victim of one of these emails, please review our information on "Steps Victims Can Take" below.

Tips on Authenticating Websites

Where am I? On the Internet you may not be where you think you are. Fraudsters can create fake sites that seem entirely authentic. To combat this, most businesses provide a way for you to authenticate that you are where you think you are. GEICO employs Trustwave to authenticate the website.

If you click on the Trustwave logo, it will tell you the site is registered to GEICO and that the registration is current. (This information is displayed on Trustwave's site where the URL will look something like this https://sealserver.trustwave.com/cert.php?customerId=&size=105x54&style=normal&baseURL=www.geico.com, depending on the website on which the logo appears).

Take Preventative Measures

Phishing scams can lead to Identity Theft. Take preventative measures and enroll in GEICO Portfolio Identity Protection. Identity Protection helps you monitor and manage your credit and protect your identity. Enroll online to protect your credit and identity from Phishing scams.

Steps Victims Can Take

If you think you have been the victim of a phishing email or suspicious phone call, consider the following steps:

• Review your bank and credit card statements regularly and thoroughly.
• Contact your financial institution immediately and block any accounts or cards that may have been compromised.
• Order credit reports from the major bureaus; have fraud warnings placed on them.
• Forward the suspect email to spam@usa.gov and to the company falsely represented in the email. Most organizations have information on their websites about where to report problems.
• File a complaint with the Federal Trade Commission. You should also visit the FTC's Identity Theft website.
• If you think you have received a phishing email or suspicious phone call from someone saying they represented GEICO, you should forward the mail or caller information to: phishing@geico.com.