Every Internet user should know about spoof (a.k.a. phishing or hoax) e-mails that appear to be from a well-known company but can put you at risk.
* Be suspicious of any email with urgent requests for personal financial information. Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately. They typically ask for information such as usernames, passwords, credit card numbers, social security numbers, etc. Phisher emails are typically NOT personalized, while valid messages from your bank or e-commerce company generally are
* Don't use the links in an email to go to any web page. Instead, login to the website directly by typing in the web adress in your browser. Here is an example of how a phisher can trick you. If you click on the following web site http://www.bankofamerica.com you would expect to be going to Bank of America's website, correct? Instead the URL will take you to a different website which could be the phisher's website. The phisher's will try to trick you by having an authentic looking website but the information you provide will be in the wrong hands! Most of the time you should be able to move your mouse over the link without clicking it and you will be able to see where the link will take you by looking in the bottom of your email client or web browser.
* Avoid filling out forms in email messages that ask for personal financial information
* Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser. To make sure you're on a secure Web server, check the beginning of the Web address in your browser's address bar - it should be "https://" rather than just "http://" But be aware, A phisher's website can be a secure website also. https:// only indicates that the data is encrypted.
* Regularly check your bank, credit and debit card satements to ensure that all transactions are legitimate
* Ensure that your browser is up to date and security patches applied. Trenton Computer Services recommends the Mozilla Firefox browser.
* Always report "phishing" or “spoofed” e-mails:
forward the email to the Federal Trade Commission at spam@uce.gov
forward the email to the "abuse" email address at the company that is being
spoofed (e.g. "spoof@ebay.com")
When forwarding spoofed messages, always include the entire original email with its original header information intact. In your email client, enable "Show All Headers"
notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website: www.ifccfbi.gov/
For more information, check some of the following sources:
For more information about how to protect yourself, see our Fact Sheet 17a Identity Theft: What to do if It Happens to You at http://www.privacyrights.org/fs/fs17a.htm. Read the information and tips put out by the Federal Trade Commission about phishing at http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm