One of the latest methods of ID theft, known as
“phishing,” involves unsolicited e-mails sent to Internet
users. The e-mails are designed to look like authentic messages
from legitimate businesses, financial institutions, or government
agencies. Often marked “URGENT,” the messages lead
recipients to believe their accounts will be closed if they do
not comply with certain instructions, like disclosing personal
information, user names, passwords, and credit card numbers. The
messages link recipients to websites that often look legitimate,
but are not.
Phishing differs from traditional identity theft
in that it is the victim who actually provides the information
to the scammer. The Internet addresses of the websites to which
victims are directed are purposefully misleading. For example,
billing.yahoo.com is a legitimate yahoo site, but yahoo-billing.com
is not and is a website used by phishers.
1. Stop. Phishers prey on your emotions by making
you think that you need to respond immediately. They want you
to click on a link before you’ve had a chance to think about
the content of the message. Take time to read your e-mail carefully
before clicking on any links it contains.
2. Look. Carefully examine any claims that are made
in your e-mail messages. If they sound too good to be true or
ask for personal information, you should be highly suspicious.
There is no reason for companies to be asking for your account
numbers, user names, passwords, or other personal information.
3. Call. If an e-mail claims to be from a legitimate
company or institution with whom you do business, call the phone
number listed on your last statement to check the accuracy of
the e-mail or, if you cannot find one, send an e-mail to the address
given on the company’s or institution’s official website.
If you have accidentally submitted your personal
information, you should:
1. Immediately file a complaint with the Internet
Crime Complaint Center at http://www.ic3.gov.
2. Because of your increased risk of becoming a
victim of identity theft, you should visit http://www.consumer.gov/idtheft
and follow the directions for reporting information to credit
bureaus, credit-card companies, and law enforcement.
If you have received a phishing e-mail but have
not submitted personal information, DO NOT RESPOND. The Department
of Justice recommends that you send a copy of the e-mail to uce@ftc.gov
and reportphishing@antiphishing.org.
Useful Links:
The Department of Justice’s March, 2004 “Special
Report on ‘Phishing’” can be found at http://www.usdoj.gov/criminal/fraud/Phishing.pdf.
Another site, http://antiphishing.org/phishing_archive.htm,
includes examples of actual phishing e-mails.