Phishing is the term coined by Internet scammers who imitate legitimate companies in emails to entice people to share
user names, passwords, account information or credit-card numbers.

The term phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they
"fish" for users' private information. The most common ploy is to copy the look and feel of a web page from
a major site and use that design to set up a nearly identical page that appears to be part of the company's site.

There are several steps you can take to make sure you don't fall for one of these scams:
- Always be suspicious of any email that requests personal account information, such as solicitations for
usernames, passwords, account numbers or any other personal data. Just because it looks like it came from an
authentic source doesn't mean that it did.
- No legitimate business will ask customers for password information via
phone or email, as that information is private and is only known
to users. (Frequently, legitimate businesses will encrypt passwords,
so that they aren't available even to their own employees.) Neither
will a legitimate business ask for billing or payment information
through email.
- Don't use the links in an email to get to any web page if you suspect
the message might not be authentic. Instead, call the company on
the telephone, or log onto the website directly by typing in the web address
in your browser.
- If you're at all suspicious of a site, when prompted for a password, give an incorrect one first. A phishing
site will accept it; a legitimate one won't.
- Always ensure that you're using a secure server when submitting credit card information.
To make sure you're using a secure server:
  - Check the beginning of the web address in your browser's address bar:
  it should be https:// (Hypertext Transfer Protocol over Secure Sockets Layer, or HTTP over SSL) rather than
  just http://
  - If the address does begin with https, double-click on the padlock icon at the bottom right corner of your
  browser window.
  - This brings up a new window that displays some information about the certificate.
  - Verify that the information within the certificate corresponds with the website.
- Never send credit card information or other confidential information through email: there is no way of ensuring
security in an email transaction.
- Consider installing a Web browser toolbar to help protect you from known phishing fraud websites. EarthLink
ScamBlocker is part of a free browser toolbar that alerts you before you visit a page that's on EarthLink's list
of known fraudulent phisher websites. It's free to all Internet users; you can download it at
http://www.earthlink.net/home/software/toolbar/
- Always report "phishing" or "spoofed" emails to the following groups:
  - Forward the email to reportphishing@antiphishing.com
  - Forward the email to the Federal Trade Commission at spam@uce.gov
  - Forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com")
  - When forwarding spoofed messages, always include the entire original email with its original header
  information intact
  - Notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website: www.ifccfbi.gov/
- Regularly log into your online accounts. Don't leave it for as long as a month before you check each account.
- Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.
If anything is suspicious, contact your bank and all card issuers.
- Ensure that your browser is up to date and that security patches are applied. In particular, people who use the
Microsoft Internet Explorer browser should immediately go to the Microsoft Security home page --
http://www.microsoft.com/security/ -- to download a special patch relating to certain phishing schemes.
- Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your
computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can
protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications
for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones;
that can effectively reverse the damage; and that updates automatically.
- Contact your bank or credit card company immediately if you think you may have
replied to a fraudulent email with sensitive personal information.
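
The secure-server checks in the list above (the address begins with https://, and the certificate information corresponds with the website), written out as an added example that is not part of the original page. The certificate dictionaries are constructed sample data in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the function names are this example's own.

```python
from urllib.parse import urlsplit

# Constructed sample data in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.example.com"),)}
OTHER_SITE_CERT = {"subjectAltName": (("DNS", "shop.example.net"),)}


def name_matches(pattern, host):
    """Compare one certificate DNS name with the host from the address bar."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    # "*.example.com" covers exactly one extra label (www.example.com), never
    # the bare domain or deeper names, and a bare "*.com" is rejected.
    head, _, parent = host.partition(".")
    return bool(head) and "." in parent and pattern[2:] == parent


def check_secure_page(url, cert):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        problems.append("address does not begin with https://")
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:  # older certificates carry the name only in the commonName
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if not any(name_matches(n, host) for n in names):
        problems.append(f"certificate names {names} do not cover {host!r}")
    return problems


if __name__ == "__main__":
    for url, cert in [
        ("https://www.example.com/checkout", SAMPLE_CERT),
        ("http://www.example.com/checkout", SAMPLE_CERT),
        ("https://www.example.com/checkout", OTHER_SITE_CERT),
        ("https://example.com/checkout", WILDCARD_CERT),
    ]:
        print(url, "->", check_secure_page(url, cert) or "ok")
```
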

In addition, we strongly urge you to read the additional information that
can be found in this FTC Consumer Alert and through the Anti-Phishing Work Group.