Phishing (pronounced "fishing") is a scam to steal valuable information such as credit card and Social Security numbers, user IDs, and passwords. In phishing, also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their ISP, credit union, bank, or retail establishment. E-mails can be sent to people on selected lists or on any list, and the scammers expect some percentage of recipients will actually have an account with the real organization.
Vishing, (Voice phISHING) also called "VoIP phishing for the Internet phones," is the voice counterpart to phishing. Instead of being directed by e-mail to a Web site, an e-mail message asks the user to make a telephone call. The call triggers a voice response system that asks for the user's card number or other personal or financial information. The initial bait can also be a telephone call with a recording that instructs the user to phone an 800 number or another area code within or outside of the United States.
Land Line Telephone "VISHING" & VoIP (Internet Phones "VISHING")
In either case, because people are used to entering card numbers over the phone, this technique can be effective. Voice over IP (VoIP) is used for vishing because caller IDs can be spoofed and the entire operation can be brought up and taken down in a short time, compared to a land line telephone.
Smishing (SMS phISHING) is the mobile phone counterpart to phishing. Instead of being directed by e-mail to a Web site, a text message is sent to the user's cell phone or other mobile device with some ploy to click on a link. The link causes a Trojan to be installed in the cell phone or other mobile device.
This new scam occurs where the phisher is creating a letter and sending it through the mail to individuals to respond to the letter by calling a phone number. The phisher outlines in the letter that the individual must respond for their own protection. This scam is used in conjunction with other channels to steal valuable personal and financial information of the individual receiving the letter.
"Identity Theft" is the act of obtaining a person's critical information, such as birth date, Social Security number, address, name and bank account information, for fraudulent purposes.
New! Mail Letter "PHISHING"
Most commonly, Identity Theft is used to conduct charges and purchases under the victim's identity.
Deter identity thieves by safeguarding your information.
How to Deter Identity Theft
- Shred financial documents and paperwork with personal information before discarding them.
- Protect your Social Security number. Don't carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary or ask to use another identifier.
- Don't give out personal information on the phone, through mail, or over the Internet unless you know who you are dealing with.
- Never click on links sent in unsolicited emails; instead, type in a web address you know. User firewalls, anti-spyware, and anti-virus software to protect your home computer; keep them up-to-date. Visit OnGuardOnline.gov for more information.
- Don't use an obvious password like your birth date, your mother's maiden name, or the last four digits of your Social Security number.
- Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house.
Detect suspicious activity by routinely monitoring your financial accounts and billing statements.
How to Detect Identity Theft
Be alert to signs that require immediate attention:
- Bills that do not arrive as expected
- Unexpected credit cards or account statements
- Denials of credit for no apparent reason
- Calls or letters about purchases you did not make
- Your credit report. Credit reports contain information about you, including what accounts you have and your bill paying history.
The law requires the major nationwide consumer reporting companies - Equifax, Experian, and TransUnion - to give you a free copy of your credit report each year if you ask for it.
Visit AnnualCreditReport.com or call 1-877-322-8228, a service created by these three companies, to order your free credit reports each year. You can also write:
Annual Credit Report Request Service
P.O. Box 105281
Atlanta, GA 30348-5281
- Your financial statements. Review financial accounts and billing statements regularly, looking for charges you did not make.
Defend against identity theft as soon as you suspect it.
How to Defend Identity Theft
- Place a "Fraud Alert" on your credit reports, and review the reports carefully. The alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing accounts. The three nationwide consumer reporting companies have toll-free numbers for placing an initial 90-day fraud alert; a call to one company is sufficient:
Equifax: 1-800-525-6285 - equifax.com
Experian: 1-888-EXPERIAN (397-3742) - experian.com
TransUnion: 1-800-680-7289 - transunion.com
Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven't contacted, accounts you didn't open, and debts on your accounts that you can't explain.
- Close accounts. Close any accounts that have been tampered with or established fraudulently.
Call the security or fraud departments of each company where an account was opened or changed without your consent. Follow up in writing, with copies of supporting documents.
Use the ID Theft Affidavit at ftc.gov/idtheft to support your written statement.
Ask for verification that the disputed account has been closed and the fraudulent debts discharged.
Keep copies of documents and records of your conversations about the theft.
- File a police report. File a report with law enforcement officials to help you with creditors who may want proof of the crime
- Report the theft to the Federal Trade Commission. Your report helps law enforcement officials across the country in their investigations.
By Phone: 1-877-ID-THEFT (438-4338)
By mail: Identity Theft Clearinghouse
Federal Trade Commission, Washington, DC 20580
Skilled identity thieves use a variety of methods to steal your personal information, including:
Common Ways ID Theft Happens
1. Dumpster Diving. They rummage through trash looking for bills or other paper with your personal information on it.
2. Skimming. They steal credit/debit card numbers by using a special storage device when processing your card.
3. Phishing. They pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information.
4. Changing Your Address. They divert your billing statements to another location by completing a "change of address" form.
5. Old-Fashioned Stealing. They steal wallets and purses; mail, including bank and credit card statements; pre-approved credit offers; and new checks or tax information. They steal personnel records from their employers, or bribe employees who have access.
Recently, there have been multiple e-mail fraud attempts, known as "Phishing", that were initiated via e-mail sent to both the general public and to some credit union members that appeared to be from NCUA. This false e-mail asked for the recipient to click on a link to verify their credit union account registration. If the recipient proceeded to do so, the link directed them to a false website and asked for their credit union account number and PIN, along with other personal information.
---------- Internet/E-Mail Fraud Alert ----------
NCUA does not ask credit unions members for such personal information. Anyone who receives an e-mail that purports to be from NCUA and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.
If you responded to such an e-mail and provided any confidential account information, please notify your credit union immediately of the scheme. You should also change your account’s PIN, and take any additional action recommended by your credit union to protect your account.
If you feel that you have received a fraudulent phishing e-mail purportedly from NCUA please forward the entire e-mail message to Phishing@ncua.gov
Additionally, you can file formal complaints concerning any suspected fraudulent e-mail with the Internet Fraud Complaint Center (IFCC) at www.ic3.gov. The IFCC is a partnership between the Federal Bureau of Investigation, and the National White Collar Crime Center.
South Florida Federal Credit Union does not ask our members for personal information. Anyone who receives an e-mail that purports to be from SFFCU and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.
If you responded to such an e-mail and provided any confidential account information, please notify us immediately at 305.545.0744. You should also change your account’s PIN.
If you feel that you have received a fraudulent phishing e-mail purportedly from SFFCU please forward the entire e-mail message to email@example.com