How to Spot Phishing Scams and Protect Your Identity

Dear Friend,

Identity theft continues to have a negative impact on millions of New Yorkers. One of the most prevalent forms of identity theft is commonly referred to as “phishing.” Phishing scammers send e-mail or pop-up messages designed to trick consumers into divulging personal information such as account passwords, credit card numbers, Social Security Numbers, or other sensitive information. Once in possession of this information, fraudulent actors can use it to commit identity theft crimes or sell the information.

Phishing scams are becoming increasingly sophisticated. Criminals are using bogus Web sites, fake e-mail addresses and other deceptive means to pry sensitive personal information from unsuspecting consumers.

Identity theft victims often spend months or even years clearing their accounts of fraudulent charges and restoring their credit history. It is important that consumers take steps to protect themselves from becoming victimized. You can protect yourself from phishing scams by reporting suspicious e-mail messages to the proper authorities and learning about the ways in which criminals lure victims.

Feel free to contact my office if you would like more information on this or any other matter.

Sincerely,
signature
Assemblywoman Helene E. Weinstein

3520 Nostrand Avenue
Brooklyn, NY 11229
718-648-4700

What is Phishing?

The term “phishing” (FISH-ing) refers to online scams in which thieves attempt to lure consumers into divulging their passwords and financial and personal information through the use of fraudulent electronic communication in the form of e-mails or pop-up messages. These e-mails often claim to be from a business or organization that the consumer may already be familiar with, such as an Internet service provider, bank, credit card company, online payment service, or government agency. These e-mails often ask recipients to “confirm” or “validate” account information by responding and providing sensitive personal information, and sometimes these messages threaten that severe consequences will occur if the recipient does not respond.

Recognizing Phishing E-mails

The following are some examples of common phishing e-mails. Treat any messages that contain spelling and grammatical errors, urgent requests, or suspicious links or attachments as potential phishing e-mails.

The Lure: Update Your Account/ Confirm Your Identity

“Dear valued bank member, it has come to our attention that your account information needs to be updated due to inactive member, frauds, and spoof reports. Failure to update your records will result in account deletion. Please follow the link below to confirm your data.”

“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”

“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”

The Lure: Change Your Password

“The current password for your U.S. Bank accounts has not been revised for a long period of time and needs to be changed within 72 hours. Therefore, we urge you to do it today. You can do this quickly and easily by signing on and going to the Account Servicing area: Failure to change your password within 72 hours may result in your account suspension.”

The Lure: Government Agency Hoax

“Access this secure Web site to find out if the IRS received your return and whether your refund was processed and sent to you. To get to your refund status, you’ll need to provide the following information as shown on your return:

Your first and last name
Your Social Security Number
Your credit card Information.”

What to Do if You Receive a Phishing E-mail.

If you receive a request for personal information via e-mail, DO NOT RESPOND OR CLICK ON ANY LINK. Legitimate businesses and organizations never request personal information through e-mail.
Contact the business or organization named in the e-mail using a phone number that you know to be valid, report the suspicious e-mail, and inquire about the security of your account.
Forward the e-mail to the named organization or business and spam@uce.gov. Messages sent to this address are stored in a database law enforcement agencies use in their investigations. Additionally, you may wish to file a complaint with the Federal Trade Commission (see Important Resources) or report the phishing e-mail to the Anti-Phishing Working Group (APWG) at: http://www.antiphishing.org/.

If you believe that your personal information has been compromised by a phishing scam, be sure to check your credit reports and financial statements closely for any account changes or unauthorized charges.

If you find irregular activity, contact the NYS Consumer Protection Board for assistance (see Important Resources)

Avoid Getting Hooked
by Phishing Scams — Quick Tips

Never reply to e-mail messages that request your personal information.
Do not click on links or open attachments in an e-mail that you suspect may be fraudulent.
Avoid sending personal information in e-mail messages. Call the person or business directly instead.
Create complex passwords for online accounts and change them often. Passwords that combine uppercase and lowercase letters and numbers are best.
Check your financial accounts regularly for unauthorized activity and immediately report any irregularities by using a contact telephone number you know to be valid.

Important Resources

Federal Trade Commission (FTC)
1-877-IDTHEFT (438-4338)
http://www.ftc.gov/idtheft/

NYS Consumer Protection Board Helpline
1-800-697-1220
http://www.consumer.state.ny.us/

NYS Attorney General Consumer Helpline
1-800-771-7755
http://www.oag.state.ny.us/

FTC’s Onguard Online Web site
For information on email scams, spyware,
wireless security, and other online threats.
http://www.onguardonline.gov/