Phishing Scam

A phishing scam is the process of attempting to get sensitive information such as credit card details, usernames, passwords and social security numbers by pretending to be a trustworthy organisation.

Phishing e-mail messages can take a number of forms. They might appear to come from your online bank or financial institution, auction sites such as eBay, online payment processors such as PayPal, a company you regularly do business with, or from your social networking site such as YouTube, Facebook or MySpace.

Phishing scams are usually carried out by email or instant messaging, and direct you to a fake website where you enter personal details. The fake website will look similar or identical to the legitimate website.

In order to trick you into revealing your personal details, the message might include phrases like "confirm billing information" or "verify your account" or "update your credit card information" or "If you don't respond within 48 hours your account will be closed".

These are examples of messages you may receive:

"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."

"During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."

The messages convey a sense of urgency so that you will respond immediately without thinking. The message might even claim that your quick response is required because your account has been compromised.

The messages direct you to a website that looks just like a legitimate organization's site, however it's a fake site whose sole purpose is to trick you into giving your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

phishing scam

Social networking sites are now a prime target of phishing, since the personal details in such sites can be used in identity theft. Experiments show a success rate of over 70% for phishing attacks on social networks.

Almost half of phishing thefts in 2006 were committed by groups operating through the Russian Business Network based in St. Petersburg.

A phishing scam that is very targeted is called spear phishing. Some recent phishing attacks have been directed specifically at senior executives within businesses, and the term whaling has been coined for these kinds of attacks.

Uses of Information from a Phishing Scam

This type of identity theft may result in denial of access to email, loss of credit, lost access to accounts, or severe financial loss.

If phishers can gain access to username and passwords, they can lock you out of your accounts, and drain accounts of any money and also run up debt.

If phishers can obtain your name, date of birth and an address [some of which can be obtained from public records] they can open bank accounts, business accounts and credit cards with which to commit fraud.

In 2007 phishing attacks in the United States involved 3.6 million adults who lost US $ 3.2 billion in the 12 months ending in August 2007.

How to Avoid a Phishing Scam

  • Be suspicious of any emails with urgent requests for personal or financial information, especially if they have exciting or upsetting information designed to get you to respond urgently
  • Don't reply to email or pop-up messages that ask for personal or financial information, and don't click on links in the message. Don't cut and paste a link from the message into your Web browser because phishers can make links look like they go one place, but that actually send you to a different site
  • Always ensure that you are using a secure website when submitting credit card or other sensitive information via your web browser

             * Phishers are now able to forge both the https:// that you normally see when you are on a secure Web server and
                also a legitimate looking address. Make sure you enter the address of any banking, shopping, or financial
                transaction website yourself and don't use displayed links

             * Phishers can also forge the yellow lock you would normally see near the bottom of your screen on a secure
                site. The lock used to be an indicator of a 'safe' site. When the lock is double-clicked, it displays the security
                certificate for the site. If you get any warnings that the address of the site you have displayed does not match
                the certificate, don't proceed

  • Some phishers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a "refund." Because they use Voice over Internet Protocol technology, the area code you call does not reflect where the phishers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card
  • Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly
  • Review credit card and bank account statements as soon as you receive them so you can check for unauthorized charges
  • The main thing phishing e-mail messages have in common is that they ask for personal data, or direct you to Web sites or phone numbers to call where they ask you to provide personal data
  • Nearly all legitimate e-mail messages from companies to their customers contain an item of information that is not readily available to phishers. Some companies such as PayPal always address their customers by their username in e-mails, so if an e-mail addresses the recipient in a generic fashion ["Dear PayPal customer"] it is likely to be an attempt at phishing
  • Identity Theft Help Sites:

       *http://www.consumer.gov/idtheft/
       *http://www.identity-theft-help.us/
       *http://www.identitytheft.org/
       *http://www.usdoj.gov/criminal/fraud/idtheft.html
       *http://www.ifccfbi.gov/index.asp
       *http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm

What to do if You have been a Victim of a Phishing Scam

If you have given out your personal identification information in a phishing scam:

Report the theft to the three major credit reporting agencies, Experian, Equifax and TransUnion Corporation, and do the following:

  • Request that they place a fraud alert and a victim’s statement in your file
  • Request a FREE copy of your credit report to check whether any accounts were opened without your consent
  • Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft

Major Credit Bureaus

  • Equifax - www.equifax.com To order your report, call: 800-685-1111 or write: P.O. Box 740241, Atlanta, GA 30374-0241 To report fraud, call: 800-525-6285 and write: P.O. Box 740241, Atlanta, GA 30374-0241 Hearing impaired call 1-800-255-0056 and ask the operator to call the Auto Disclosure Line at 1-800-685-1111 to request a copy of your report.
  • Experian - www.experian.com To order your report, call: 888-EXPERIAN (397-3742) or write: P.O. Box 2002, Allen TX 75013 To report fraud, call: 888-EXPERIAN (397-3742) and write: P.O. Box 9530, Allen TX 75013 TDD: 1-800-972-0322
  • Trans Union - www.transunion.com To order your report, call: 800-888-4213 or write: P.O. Box 1000, Chester, PA 19022 To report fraud, call: 800-680-7289 and write: Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92634 TDD: 1-877-553-7803

Notify your bank(s) and ask them to flag your account and contact you regarding any unusual activity.

  • If bank accounts were set up without your consent, close them.
  • If your ATM card was stolen, get a new card, account number and PIN.

Contact your local police department to file a criminal report.

Contact the Social Security Administration’s Fraud Hotline to report the unauthorized use of your personal identification information.

Notify the Department of Motor Vehicles of your identity theft.

  • Check to see whether an unauthorized license number has been issued in your name.

Notify the passport office to watch out for anyone ordering a passport in your name. File a complaint with the Federal Trade Commission.

  • Ask for a free copy of "ID Theft: When Bad Things Happen in Your Good Name", a guide that will help you guard against and recover from your theft.

File a complaint with the Internet Fraud Complaint Center.

Document the names and phone numbers of everyone you speak to regarding the incident. Follow-up your phone calls with letters. Keep copies of all correspondence.

If you have given out your credit or debit or ATM card information in a phishing scam:

Report the theft of this information to the card issuer as quickly as possible

  • Many companies have toll-free numbers and 24-hour service to deal with such emergencies.

Cancel your account and open a new one

Review your billing statements carefully after the loss

  • If they show any unauthorized charges, it's best to send a letter to the card issuer describing each questionable charge.

Credit Card Loss or Fraudulent Charges

  • Your maximum liability under federal law for unauthorized use of your credit card is $50. If the loss involves your credit card number, but not the card itself, you have no liability for unauthorized use

ATM or Debit Card Loss or Fraudulent Transfers

  • Your liability under federal law for unauthorized use of your ATM or debit card depends on how quickly you report the loss.

You risk unlimited loss if you fail to report an unauthorized transfer within 60 days after your bank statement containing unauthorized use is mailed to you.

How to Report a Phishing Scam if you have been a Victim

  • Forward emails you suspect are a phishing scam and are phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email
  • If you think you've been a victim of a phishing scam, file your complaint with the FTC, and then visit the FTC's Identity Theft website Phishing Scam. Victims of phishing can become victims of identity theft
  • You can report phishing email to reportphishing@antiphishing.org. The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing



  1. Home
  2. Credit Card Scams
  3. Phishing Scam