How to tell if an e-mail message is fraudulent

• "Verify your account."
  Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail.  If you receive an e-mail asking you to update your credit card information, do not respond: this is a phishing scam.
• "If you don't respond within 48 hours, your account will be closed."
  These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail messages might even claim that your response is required because your account might have been compromised.
• "Dear Valued Customer."
  Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.
• "Click the link below to gain access to your account."
  HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site.  The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.
  

Follow these guidelines to help protect yourself from phishing scams sent through e-mail.

1. If you think you've received a phishing e-mail message, do not respond to it. 
If an e-mail looks suspicious, don't risk your personal information by responding to it.

2. Approach links in e-mail messages with caution.

Links in phishing e-mail messages often take you to phony sites that encourage you to transmit personal or financial information to con artists. Avoid clicking a link in an e-mail message unless you are sure of the real target address, or URL.

3. Don't trust the sender information in an e-mail message.

Even if the e-mail message appears to come from a sender that you know and trust, use the same precautions that you would use with any other e-mail message.  Fraudsters can easily spoof the identity information in an e-mail message.

4. Verify the identity and security of the Web site.

Example of a secure site lock icon. If the lock is closed, then the site uses encryption. The closed lock icon signifies that the Web site uses encryption to help protect any sensitive, personal information that you enter, such as your credit card number, Social Security number, or payment details. Note that this symbol doesn't need to appear on every page of a site, only on those pages that request personal information.

Unfortunately, even the lock symbol can be faked. To help increase your safety, double-click the lock icon to display the security certificate for the site. The name following Issued to should match the name of the site.

If the name differs, you may be on a fake site, also called a "spoofed" site. If you're not sure whether a certificate is legitimate, don't enter any personal information. Play it safe and leave.

5. Type addresses directly into your browser or use your personal bookmarks.  Update your browser.

If you need to update your account information or change your password, visit the Web site by using your personal bookmark or by typing the URL directly into your browser.

7. Don't trust offers that seem too good to be true
If a deal or offer in an e-mail message looks too good to be true, it probably is. Exercise your common sense when you read and respond to e-mail messages.

8. Report suspicious e-mail.
Report the e-mail to the faked or "spoofed" organization.
Contact the organization directly-not through the e-mail you received-and ask for confirmation. Or call the organization's toll-free number and speak to a customer service representative. Report the e-mail to the proper authorities, including the FBI, the Federal Trade Commission (FTC), and the Anti-Phishing Working Group.

9. Don't enter personal or financial information into pop-up windows.

Phishing Scams by phone or e-mail

Beware of phishing attempts over the phone and by e-mail. Phishing is a scam that involves Internet criminals who try to trick people into giving up personal information (such as credit card numbers, PINs, financial accounts or other sensitive information).
Phishing scams involve a phone call where criminals attempt to extract personal information from you over the phone with you selecting a course of numbers on the phone pin pad. The callers use telephone solicitation and telephone call back techniques to prey upon your trust for telephone-based fraud alerts from your financial institution.
It's important to be aware of some common traits of phishing:

• Requests involving the use of names of businesses or persons that would be trusted.
• Creating a sense of urgency to respond (winning a prize or money)
• Indicating consequences that make you act quickly without thinking -- like losing access to your financial account, your e-Bay account or getting arrested because you failed to show up for jury duty.

Many e-mail phishing attempts have misspellings and grammatical errors.
A recent trend has been to play on events in the news that have generated public concern. For example, there is a current phishing e-mail that appears to be from the NCUA and related to the TJX (Marshall's, TJ Maxx, Home Goods) data security breach, which was in the news in January. The false e-mail discusses the TJX breach, warning that "magnetic strip information was being stored and your PIN may have been captured". It strongly urges "NCUA's members" to update their information within the next 48 hours by clicking on a link provided in the email to "verify their credit union registration".

Another phishing email that appears to be from the NCUA asks recipients to email or fax their Social Security Numbers and credit and debit card numbers so that the agency can update their database to monitor accounts to foil previous fraud attempts. As with all other phishing e-mails, the criminals who generated these have been sending them to millions of email addresses, not knowing whether the recipients' information was or was not part of the TJX compromise and not knowing whether the recipients are members of credit unions. If you don't respond, they won't have your information.

Other phishing emails are designed to load malicious software on your computer to gather information or just to do damage. The best ways to avoid compromising your computer's security via this type of email are to ensure that you keep updated anti-virus software on your computer and avoid opening emails unless you know the sender and have confidence in their ability to maintain the security of their systems. Be careful of e-mails with attachments in particular.