With the extraordinary theft of millions of email addresses collected by some of the nation’s biggest companies, it’s time to think about the likely result — phishing attacks — and how to avoid becoming a victim.
If you have accounts with Citigroup, Capital One, The College Board, Walgreen, HSN or TiVo there’s a reasonable chance some con artist is trying to figure out how to get in touch with you — and not to be Facebook friends. They want to dupe you into giving them more information than they have right now.
Here’s what they’ve got: Your name (maybe just your first name) and your email address. Here’s what they want: The good stuff like your home address, phone number, Social Security Number and — of course — account numbers. Now they’re going to release a hailstorm of somewhat targeted emails intended to get you to believe they’re real, perhaps even referencing the theft itself.
Don’t just assume you’re too smart to become a victim. Thousands of consumers every month fall victim. These are not just people who are gullible or lack web savvy.
All sorts of people fall victim because the crooks have gotten very sophisticated, perfectly (sometimes) mimicking real communications from companies you do business with.
The big difference — and what you need to watch out for — is that the phishing emails are going to be angling for information from you. The real companies would never ask you for that kind of information in an email. Sometimes their attempts to con you will be well masked, like asking you to click on a link to go to their site to “update” your account information or some such rouse. Here are five ways to avoid phishing attacks.
Don’t click links in your emails. In most browsers, you can run your mouse over a link to see where it really goes. The crooks will often create URLs intended to confuse you — instead of yourbank.com/accounts they might use yourbank/accounts/and hide the real URL somewhere way over to the right.
Get a good virus protection program installed and then make sure to update it regularly.
DO NOT call phone numbers in the emails and DO NOT click the links in them. If you have a question about a credit card communication, for instance, call the customer service number on your card or bill. If you need to update to account information online, do that only by logging into an established site that you’ve already used.
NEVER email personal or financial information. Be sure to read your credit card and bank statements immediately. Fraud protections on cards, in particular, are good but are time-limited. So raise a red flag as soon as you see suspicious charges. You’ve typically got 60 days from the time the fraudulent charge appears on your bill.
If you get a phishing email, notify the company or agency that was being impersonated and forward the email to this federal government email address: firstname.lastname@example.org. That’s the Federal Trade Commission, which collects the complaints to determine whether action can be taken, but does not deal with an individual consumer’s situation. You should also complain to the Internet Crime Complaint Center, an anti-internet crime venture involving the FBI, the Bureau of Justice Statistics and the National White Collar Crime Center.