Wall Street's upheaval has put consumers at greater risk for phishing scams, a type of fraud in which individuals try to acquire personal information through deception. The share of spam emails that involved phishing scams has hit a high globally, according to U.K.-based Internet security firm Marshal. Bank of America, Citibank and Wachovia, in particular, have been popular Phishing targets.
The uncertainty provides an opening for scam artists called phishers, who send out seemingly legitimate emails asking for personal information such as passwords, usernames and Social Security numbers. That info is often used to open bogus credit card accounts, for example, or to tap into your bank accounts. Phishing can take the form of an email, phone call or letter. The scams range from the complex to the relatively transparent. Those that succeed work because they appear to come from a bona fide financial institution.
So how can you tell if a notice from your bank or mortgage lender is legitimate? Here are a few questions to ask yourself to help weed out the scams:
Does it ask for your information?
Be suspicious of any email asking for personal information. After all, the majority of phishing efforts won't work if you don't participate. If the request looks sufficiently official -- you are addressed by name and the logo looks legitimate, for example -- double check with your banking or lending institution. Just be sure to contact them at the phone number written on your monthly statement, and not the one provided on the correspondence in question.
Is it urgent?
Scams frequently suggest that you either risk missing out on a great opportunity or that something bad could happen to your accounts if you don't do what they ask. Phishers want you to act quickly without taking the time to think through the request. For instance, a letter announcing that your accounts are now with a different institution is reasonable, but a request for your username and passwords is not. Again, if it looks sufficiently authentic, contact your lender or bank directly to ask about the problem.
Where do they send you?
If an official-sounding notice directs you to a Web site, email address or phone number that you aren't familiar with, it is worth double-checking. Compare the new contact information with what appears on your monthly statements. But even if a particular link looks legitimate, it might redirect you to a fraudulent site. (In many cases, you can see where a link will actually take you by scrolling your cursor over it and looking at the bottom left of your browser window.) For added safety, anti-phishing software is incorporated into a number of Web browsers, such as Internet Explorer 7 and Firefox 2.0, and will prevent you from viewing suspect Web sites.
Is it too good to be true?
As with most types of fraud, if it seems too good to be true, it probably is. The vast majority of legitimate notices -- monthly statements, pre-approval letters and privacy agreements -- are not particularly interesting or potentially lucrative. You'd do well to remain suspicious long enough to contact the relevant institution before following whatever instructions are included in the notice.
What to do if you've been hooked
If you're a victim of a phishing scam, first contact your banking or lending institution. Close out your account and open a new one, and be sure to change any usernames, passwords and personal identification numbers (PINs). Next, contact the three credit bureaus, Equifax, Experian and Transunion, and place a fraud alert on your credit report. Finally, contact the police and report the details of the scam. Request the case number and a copy of the police report for reference.
If you receive a phishing email and recognize that it's fraudulent, don't just delete it. Forward the relevant information to whichever institution was mentioned in the scam. Most banks and major lenders have a dedicated phone number or section of their Web site for consumers to report fraud.