spacer image
Skip Nav Skip to Search
Contact Us
spacer image
get adobe reader

Phishing Attacks

Fish HooksPhishing attacks involve the use of a specially crafted email and/or a web site to obtain sensitive information.  The email is "cast" out to thousands of people in the hopes that a few will respond.  Those that do respond will likely fall victim to fraud or identity theft.

The scenario goes like this.  You receive an email that appears to be from a legitimate company, such as a bank or online bill payment company.  The email appears genuine, and asks you to "verify" your account information for security reasons, or your account will be suspended or some other undesirable circumstance will arise.  The email instructs you to click on an included link which directs your internet browser to a site to complete your account verification process.  If you follow the instructions, you arrive at a web site that looks authentic and contains a form for you to enter your personal information.  In reality, the site is owned by the perpetrators and has nothing at all to do with the authentic web site.  The perpetrators hope you will fill out the form, feel relieved that you just "dodged a bullet", and forget about the problem.  Meanwhile, they have just obtained your personal information and are more than happy to use it themselves to empty your bank account or to sell the information to others desiring the same.

The above scenario is a common form of Phishing.  Of course, there are many variations of the scam and you have to be very alert to avoid falling victim.  

How do I protect myself?    

  • Do not provide personal information unless you are certain of  the requestor's identity and of his/her authorization to have your personal information
  • Do not reveal personal information, including usernames and passwords, in email.  Never respond to email requests for this type of information.
  • Do not click on links in email to follow them.  A very good practice is to copy and paste the link into your browser.  
  • Do not send sensitive information over the internet until you check the web site's security status.  The web address of a secure site will always begin with "https://". The "s" at the end is your indication that the site is secure. 
  • Pay attention to the URL, or web site address.  Malicious web site may look identical to the authentic sites, but may use a variation of spelling or of the Top Level Domain (.com, .net, .gov, etc.).
  • If you are unsure of the authenticity of an email, contact the company directly.  Do not use contact information provided in the suspect email, rather, use previous billing statements or other correspondence you have received from the company.  Information about known phishing attacks can be located at:

What to do if you think you are a victim of a phishing attack

  • If you believe that your financial account information has been compromised, contact your financial institution immediately and close any accounts that may have been compromised.  Watch for any unusual activity in your accounts and notify your financial institution of these activities as soon as possible.
  • Consider reporting the attack to your local police department.  You might also consider filing a complaint with the Internet Crime Complaint Center (IC3) at  IC3 is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.


Related Topics