What is a “Phishing” scam?
* originally posted on November 4th, 2005 *
“Phishing” is an e-mail scam that attempts to trick consumers into revealing personal information - such as their credit or check card account numbers, checking account information, Social Security numbers, or banking account passwords - through fake Web sites or in a reply e-mail. Typically the e-mails and Web sites use familiar logos and slick graphics to deceive consumers into thinking the sender or Web site owner is a government agency or a company they know. Sometimes the phisher urges intended victims to “confirm” account information that has been “stolen” or “lost.” Other times the phisher entices victims to reveal personal information by telling them they have won a special prize or earned an exciting reward.
For an example of a fraudulent Bank of Oklahoma email, click here.
Spotting a "Phish"
While phishing e-mails can be quite sophisticated in appearance, the following features are often indicators. An e-mail could be a scam if it:
- Asks you to provide personal information such as your bank account number, an account password, credit card number, PIN, mother's maiden name, or Social Security number.
- Fails to address you by your name.
- Warns that your account will be shut down unless you reconfirm your financial information.
- Warns that you have been the victim of fraud.
- Has spelling or grammatical errors.
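The first four indicators above can be checked mechanically, for example when triaging mail that users report as suspicious. The Python below is an added example, not part of the original article: the patterns, the function name `phishing_indicators` and the sample message are assumptions constructed for illustration, and spelling or grammatical errors are left to human review.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message; every name and address in it is made up.
SAMPLE = """\
From: "Account Services" <service@bank.example>
To: Pat Doe <pat.doe@mail.example>
Subject: Urgent: reconfirm your account

Dear Customer,

We have detected fraud on your account. Your account will be shut down
unless you reconfirm your account number, password and PIN within 24 hours.
Please reply to this e-mail with the informations requested.
"""

# One pattern per indicator in the list above (the wording is an assumption).
INDICATORS = {
    "asks_for_personal_info": re.compile(
        r"\b(account number|password|credit card number|PIN|"
        r"mother'?s maiden name|social security number)\b", re.I),
    "threatens_shutdown": re.compile(
        r"\b(shut\s+down|suspended|closed|deactivated)\b.{0,80}?"
        r"\b(unless|until|if you do not)\b", re.I | re.S),
    "claims_fraud": re.compile(
        r"\b(fraud\w*|unauthori[sz]ed|stolen|compromised)\b", re.I),
}
GENERIC_GREETING = re.compile(
    r"^\s*(dear|hello|hi)\s+(valued\s+)?(customer|member|user|client)\b",
    re.I | re.M)

def phishing_indicators(raw):
    """Return the sorted names of the indicators that fire for a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    hits = {name for name, rx in INDICATORS.items() if rx.search(body)}
    # "Fails to address you by your name": generic greeting, or the display
    # name from the To: header never appears in the body.
    display_name, _ = parseaddr(str(msg.get("To", "")))
    tokens = re.findall(r"[A-Za-z]{2,}", display_name)
    named = any(re.search(rf"\b{re.escape(t)}\b", body, re.I) for t in tokens)
    if GENERIC_GREETING.search(body) or (tokens and not named):
        hits.add("not_addressed_by_name")
    return sorted(hits)

if __name__ == "__main__":
    for name in phishing_indicators(SAMPLE):
        print("indicator:", name)
```

A message that fires none of these patterns is not thereby shown to be genuine; the checks only surface the indicators listed above.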
How to Stay Safe
- Keep the security features of your computer software up to date. This includes your Windows/Macintosh installation, web browser, virus scan software and firewall.
- Be cautious. View any e-mail request for financial information or other personal data with suspicion. Do not reply to the e-mail and do not respond by clicking on a link within the e-mail message.
- Don’t open e-mails or attachments from unknown sources. Be suspicious of any unexpected e-mail attachments even if they appear to be from someone you know.
- Go directly to the company website by opening a new browser window and typing the web address.
- Contact the actual business that allegedly sent the e-mail to verify if it is genuine. Call a phone number or visit a Web site that you know to be legitimate, such as those provided on your monthly statements.
- Do NOT send personal information (e.g. credit or debit card number, Social Security number, online passwords or PIN) in response to an e-mail request from anyone or any entity.
- Review your statements. Check your monthly statements to verify all transactions.
- Always log off the web site after you have submitted an application or concluded a secure online session (such as Online Banking).
- Be careful and selective before providing your e-mail address to a questionable Web site. Providing your e-mail address makes you more likely to receive fraudulent e-mails.
Remember, no bank/organization will ever ask for your personal info via e-mail...
For more information about protecting yourself online, "phishing" scams and identity theft, visit:
You can forward any suspicious e-mails you receive in the future to the Federal Trade Commission at firstname.lastname@example.org or contact them at 1-877-IDTHEFT.