Phishing Scams – What They Are and How to Avoid Them

What is a Phishing Email?
  • The
    term "phishing" – as in fishing for confidential information - refers to
    a scam that encompasses fraudulently obtaining and using an
    individual's personal or financial information. This is how it works:

    • A consumer receives an e-mail that appears to originate from a
      financial institution, government agency, or other well-known/reputable
    • The message describes an urgent reason you must "verify" or
      "re-submit" personal or confidential information by clicking on a link
      embedded in the message. f
    • The provided link appears to be the Web site of the financial
      institution, government agency or other well-known/reputable entity, but
      in "phishing" scams, the Web site belongs to the fraudster/scammer.
    • Once inside the fraudulent Web site, the consumer may be asked to
      provide Social Security numbers, account numbers, passwords or other
      information used to identify the consumer, such as the maiden name of
      the consumer's mother or the consumer's place of birth.
    • When the consumer provides the information, those perpetrating the
      fraud can begin to access consumer accounts or assume the person's
What should you do if you get one?
  • Always
    consider the intent of an e-mail before trusting the claims and
    requests the sender makes. If the email asks you to give out personal
    information, or if it asks you to send or wire money or if any part of
    it sounds suspicious, do not click on any links, do not download any
    attachments, do not call any phone numbers listed and most importantly,
    do not respond or fulfill their requests.
  • If you’re concerned
    about your account or need to reach an organization you do business
    with, call the number on your financial statements or on the back of
    your credit card.
  • If you suspect an e-mail or Web site is
    fraudulent, report this information to the real bank, company,
    government agency, or individual using a phone number from a reliable
    source. If your bank's Web page looks different or unusual, contact the
    institution directly to confirm that you haven't landed on a copycat Web
    site set up by criminals. Also, contact the Internet Crime Complaint
    Center (, a partnership between the FBI and the National
    White Collar Crime Center.
  • Forward phishing emails to – and to the company, bank, or organization impersonated in
    the email. You also may report phishing email to The Anti-Phishing Working Group, a
    group of ISPs, security vendors, financial institutions and law
    enforcement agencies, uses these reports to fight phishing.
  • If
    you suspect that you have been a victim of identity theft, perhaps
    because you submitted personal information in response to a suspicious,
    unsolicited e-mail or you see unauthorized charges on your credit card,
    immediately contact your financial institution. Also contact

    • the police and request a copy of any police report or case number for later reference
    • call
      the three major credit bureaus (Equifax at 800-525-6285, Experian at
      888-397-3742 and TransUnion at 800-680-7289) to request that a fraud
      alert be placed on your credit report.
    • File a report with the Federal Trade Commission at
    • Visit
      the FTC’s Identity Theft website. Victims of phishing could become
      victims of identity theft; there are steps you can take to minimize your
  • Delete emails from your computer after reporting them to the appropriate agencies.
How to Avoid a Phishing Attack:
  • Be
    cautious about opening attachments and downloading files from emails,
    regardless of who sent them. These files can contain viruses or other
    malware that can weaken your computer's security.
  • Use Security
    Software That Updates Automatically - Ways to attack your computer are
    constantly being developed, so your security software must be
    up-to-date. Most security software can update automatically; set yours
    to do so. You can find free security software from well-known companies.
    Also, set your operating system and web browser to update
    automatically. If you let your operating system, web browser, or
    security software get out-of-date, criminals could sneak their bad
    programs – malware – onto your computer.
  • Treat Your Personal
    Information Like Cash - Don’t hand it out to just anyone. Your Social
    Security number, credit card numbers, and bank and utility account
    numbers can be used to steal your money or open new accounts in your
    name. Don't email personal or financial information. Email is not a
    secure method of transmitting personal information.
  • Check Out
    Companies to Find Out Who You’re Really Dealing With - When you’re
    online, a little research can save you a lot of money. If you see an ad
    or an offer that looks good to you, take a moment to check out the
    company behind it. Type the company or product name into your favorite
    search engine with terms like “review,” “complaint,” or “scam.” If you
    find bad reviews, you’ll have to decide if the offer is worth the risk.
    If you can’t find contact information for the company, take your
    business elsewhere. Don’t assume that an ad you see on a reputable site
    is trustworthy. The fact that a site features an ad for another site
    doesn’t mean that it endorses the advertised site, or is even familiar
    with it.
  • Give Personal Information Over Encrypted Websites Only -
    If you’re shopping or banking online, stick to sites that use
    encryption to protect your information as it travels from your computer
    to their server. To determine if a website is encrypted, look for https
    at the beginning of the web address (the “s” is for secure). Some
    websites use encryption only on the sign-in page, but if any part of
    your session isn’t encrypted, the entire account could be vulnerable.
  • Protect Your Passwords -
    • The longer the password, the tougher it is to crack
    • Mix letters, numbers, and special characters. Try to be unpredictable – don’t use your name, birthdate, or common words.
    • Don’t
      use the same password for many accounts. If it’s stolen from you – or
      from one of the companies with which you do business – it can be used to
      take over all your accounts.
    • Don’t share passwords on the
      phone, in texts or by email. Legitimate companies will not send you
      messages asking for your password. If you get such a message, it’s
      probably a scam.
    • Keep your passwords in a secure place, out of plain sight.
  • Back
    Up Your Files - No system is completely secure. Copy important files
    onto a removable disc or an external hard drive, and store it in a safe
    place. If your computer is compromised, you’ll still have access to your
  • Review credit card and bank account statements as soon
    as you receive them to check for unauthorized charges. If your statement
    is late by more than a couple of days, call to confirm your billing
    address and account balances.
Keep in Mind:
  • FineMark
    and other legitimate businesses do not issue unsolicited e-mails to
    consumers or business account holders. It is important to note that
    FineMark will never ask for personal or confidential information in this
  • Don't reply to email, text, or pop-up messages that ask
    for your personal or financial information. Don’t click on links within
    them either – even if the message seems to be from an organization you
    trust. It isn’t. Legitimate businesses don’t ask you to send sensitive
    information through insecure channels.

If you have questions about this article or anything on our website or anything related to phishing scams, please call your office or our toll-free number: 877-461-5901 and we would be happy to help.



The Key to Keeping your Online Account Information Secure

Having a strong password is key to account security. Most of us have significant financial and personal information that's readily accessible through the Web, in most cases protected by nothing more than a username and password. Given the damage that can result from unauthorized access to this treasure trove of information, it makes sense to pay attention to a few simple common-sense rules that apply to online passwords.

Don't share your username or password with anyone, for any reason. Also, just as you wouldn't shout your password out for all to hear, don't make it easy for others to see you entering your password or PIN.

Use strong passwords. Your password should never be a word that can be found in a dictionary. It’s better to use a combination of numbers, upper- and lower-case letters, and symbols. Your password also shouldn't contain personal information that's easy to guess, i.e. pet names, children, birthdays or phone numbers. The tradeoff, of course, with such "strong" passwords is that they're not always easy to remember and you may find yourself breaking the next rule.

Don't write down your passwords. Imagine the consequences if your password list were to fall into the wrong hands. If you still feel the need to write down your passwords, keep them in a safe, locked place away from your desk or computer. You may also want to consider a password manager program or application. These programs encrypt your login and password information and you only need to memorize one password: the one that lets you access the password manager.

Use different passwords for different accounts. When you spend the time coming up with a strong password that you can remember, there's an overpowering temptation to use that same password everywhere you can. Bad idea. You should always try to use a different username and password with each account. The danger in using the same username and password for everything is that if one of your accounts is compromised, all of your accounts are at risk. And change your password periodically; change it immediately if you see any suspicious activity in your account.

Don't let your guard down. Good password practices and a little common sense can go a long way in protecting you from cyberthieves. The key is to avoid common mistakes, educate yourself on basic Internet security practices, and stay on top of things by regularly checking your accounts. The time and effort you'll spend today implementing effective passwords is nothing compared to the problems you'll face if you find that you're not the only one with access to your accounts.

FineMark offers great online services from online banking to bill pay. We strongly encourage our clients to keep their accounts secure by taking all necessary precautions. If you are having trouble with online banking, bill pay or if you would like more tips on how to keep your important information secure - call us. We are always here to help.

Prepared by Broadridge Investor Communication Solutions, Inc. Copyright 2011-2014.