What is a Phishing Email?
term "phishing" – as in fishing for confidential information - refers to
a scam that encompasses fraudulently obtaining and using an
individual's personal or financial information. This is how it works:
- A consumer receives an e-mail that appears to originate from a
financial institution, government agency, or other well-known/reputable
- The message describes an urgent reason you must "verify" or
"re-submit" personal or confidential information by clicking on a link
embedded in the message. f
- The provided link appears to be the Web site of the financial
institution, government agency or other well-known/reputable entity, but
in "phishing" scams, the Web site belongs to the fraudster/scammer.
- Once inside the fraudulent Web site, the consumer may be asked to
provide Social Security numbers, account numbers, passwords or other
information used to identify the consumer, such as the maiden name of
the consumer's mother or the consumer's place of birth.
- When the consumer provides the information, those perpetrating the
fraud can begin to access consumer accounts or assume the person's
- A consumer receives an e-mail that appears to originate from a
What should you do if you get one?
consider the intent of an e-mail before trusting the claims and
requests the sender makes. If the email asks you to give out personal
information, or if it asks you to send or wire money or if any part of
it sounds suspicious, do not click on any links, do not download any
attachments, do not call any phone numbers listed and most importantly,
do not respond or fulfill their requests.
- If you’re concerned
about your account or need to reach an organization you do business
with, call the number on your financial statements or on the back of
your credit card.
- If you suspect an e-mail or Web site is
fraudulent, report this information to the real bank, company,
government agency, or individual using a phone number from a reliable
source. If your bank's Web page looks different or unusual, contact the
institution directly to confirm that you haven't landed on a copycat Web
site set up by criminals. Also, contact the Internet Crime Complaint
Center (www.ic3.gov), a partnership between the FBI and the National
White Collar Crime Center.
- Forward phishing emails to
email@example.com – and to the company, bank, or organization impersonated in
the email. You also may report phishing email to
firstname.lastname@example.org. The Anti-Phishing Working Group, a
group of ISPs, security vendors, financial institutions and law
enforcement agencies, uses these reports to fight phishing.
you suspect that you have been a victim of identity theft, perhaps
because you submitted personal information in response to a suspicious,
unsolicited e-mail or you see unauthorized charges on your credit card,
immediately contact your financial institution. Also contact
- the police and request a copy of any police report or case number for later reference
the three major credit bureaus (Equifax at 800-525-6285, Experian at
888-397-3742 and TransUnion at 800-680-7289) to request that a fraud
alert be placed on your credit report.
- File a report with the Federal Trade Commission at www.ftc.gov/complaint.
the FTC’s Identity Theft website. Victims of phishing could become
victims of identity theft; there are steps you can take to minimize your
- Delete emails from your computer after reporting them to the appropriate agencies.
How to Avoid a Phishing Attack:
cautious about opening attachments and downloading files from emails,
regardless of who sent them. These files can contain viruses or other
malware that can weaken your computer's security.
- Use Security
Software That Updates Automatically - Ways to attack your computer are
constantly being developed, so your security software must be
up-to-date. Most security software can update automatically; set yours
to do so. You can find free security software from well-known companies.
Also, set your operating system and web browser to update
automatically. If you let your operating system, web browser, or
security software get out-of-date, criminals could sneak their bad
programs – malware – onto your computer.
- Treat Your Personal
Information Like Cash - Don’t hand it out to just anyone. Your Social
Security number, credit card numbers, and bank and utility account
numbers can be used to steal your money or open new accounts in your
name. Don't email personal or financial information. Email is not a
secure method of transmitting personal information.
- Check Out
Companies to Find Out Who You’re Really Dealing With - When you’re
online, a little research can save you a lot of money. If you see an ad
or an offer that looks good to you, take a moment to check out the
company behind it. Type the company or product name into your favorite
search engine with terms like “review,” “complaint,” or “scam.” If you
find bad reviews, you’ll have to decide if the offer is worth the risk.
If you can’t find contact information for the company, take your
business elsewhere. Don’t assume that an ad you see on a reputable site
is trustworthy. The fact that a site features an ad for another site
doesn’t mean that it endorses the advertised site, or is even familiar
- Give Personal Information Over Encrypted Websites Only -
If you’re shopping or banking online, stick to sites that use
encryption to protect your information as it travels from your computer
to their server. To determine if a website is encrypted, look for https
at the beginning of the web address (the “s” is for secure). Some
websites use encryption only on the sign-in page, but if any part of
your session isn’t encrypted, the entire account could be vulnerable.
- Protect Your Passwords -
- The longer the password, the tougher it is to crack
- Mix letters, numbers, and special characters. Try to be unpredictable – don’t use your name, birthdate, or common words.
use the same password for many accounts. If it’s stolen from you – or
from one of the companies with which you do business – it can be used to
take over all your accounts.
- Don’t share passwords on the
phone, in texts or by email. Legitimate companies will not send you
messages asking for your password. If you get such a message, it’s
probably a scam.
- Keep your passwords in a secure place, out of plain sight.
Up Your Files - No system is completely secure. Copy important files
onto a removable disc or an external hard drive, and store it in a safe
place. If your computer is compromised, you’ll still have access to your
- Review credit card and bank account statements as soon
as you receive them to check for unauthorized charges. If your statement
is late by more than a couple of days, call to confirm your billing
address and account balances.
Keep in Mind:
and other legitimate businesses do not issue unsolicited e-mails to
consumers or business account holders. It is important to note that
FineMark will never ask for personal or confidential information in this
- Don't reply to email, text, or pop-up messages that ask
for your personal or financial information. Don’t click on links within
them either – even if the message seems to be from an organization you
trust. It isn’t. Legitimate businesses don’t ask you to send sensitive
information through insecure channels.
If you have questions about this article or anything on our website or anything related to phishing scams, please call your office or our toll-free number: 877-461-5901 and we would be happy to help.
The Key to Keeping your Online Account Information Secure
Having a strong password is key to account security. Most of us have significant financial and personal information that's readily accessible through the Web, in most cases protected by nothing more than a username and password. Given the damage that can result from unauthorized access to this treasure trove of information, it makes sense to pay attention to a few simple common-sense rules that apply to online passwords.
Don't share your username or password with anyone, for any reason. Also, just as you wouldn't shout your password out for all to hear, don't make it easy for others to see you entering your password or PIN.
Use strong passwords. Your password should never be a word that can be found in a dictionary. It’s better to use a combination of numbers, upper- and lower-case letters, and symbols. Your password also shouldn't contain personal information that's easy to guess, i.e. pet names, children, birthdays or phone numbers. The tradeoff, of course, with such "strong" passwords is that they're not always easy to remember and you may find yourself breaking the next rule.
Don't write down your passwords. Imagine the consequences if your password list were to fall into the wrong hands. If you still feel the need to write down your passwords, keep them in a safe, locked place away from your desk or computer. You may also want to consider a password manager program or application. These programs encrypt your login and password information and you only need to memorize one password: the one that lets you access the password manager.
Use different passwords for different accounts. When you spend the time coming up with a strong password that you can remember, there's an overpowering temptation to use that same password everywhere you can. Bad idea. You should always try to use a different username and password with each account. The danger in using the same username and password for everything is that if one of your accounts is compromised, all of your accounts are at risk. And change your password periodically; change it immediately if you see any suspicious activity in your account.
Don't let your guard down. Good password practices and a little common sense can go a long way in protecting you from cyberthieves. The key is to avoid common mistakes, educate yourself on basic Internet security practices, and stay on top of things by regularly checking your accounts. The time and effort you'll spend today implementing effective passwords is nothing compared to the problems you'll face if you find that you're not the only one with access to your accounts.
FineMark offers great online services from online banking to bill pay. We strongly encourage our clients to keep their accounts secure by taking all necessary precautions. If you are having trouble with online banking, bill pay or if you would like more tips on how to keep your important information secure - call us. We are always here to help.
Prepared by Broadridge Investor Communication Solutions, Inc. Copyright 2011-2014.