
Getting “Phished”

October 18, 2010

I was just asked what to do if you think someone sent you a “phishing” email. I know this is a long post — but definitely sit down to read it when you have the time.

A phishing scam is one in which victims are tricked into providing personal information such as account numbers, passwords and credit card details to what they believe to be a legitimate company or organization. In order to carry out this trick, the scammers often create a “look-a-like” webpage that is designed to resemble the target company’s official website. Typically, emails are used as “bait” in order to get the potential victim to visit the bogus website. The emails use various devious ruses to trick readers into clicking on the included links, thereby opening the bogus website. Information submitted on these bogus websites is harvested by the scammers and may then be used to steal funds from the user’s accounts and/or steal the victim’s identity.

Phishing scam emails are created to give the illusion that they have been sent by a legitimate institution. Emails may arrive in HTML format and include logos, styling, contact and copyright information virtually identical to those used by the targeted institution. To further create the illusion of legitimacy, some of the secondary links in these bogus emails may lead to the institution’s genuine website. However, one or more of the hyperlinks featured in the body of the email will point to the fraudulent website.

Links in phishing scam messages are often disguised to make it appear that they lead to the genuine institution site. The sender address of the email may also be disguised in such a way that it appears to have originated from the targeted company. Because they are sent in bulk to many recipients, scam emails use generic greetings such as “Dear account holder” or “Dear [targeted institution] customer”. If an institution needed to contact a customer about some aspect of his or her account, the contact email would address the customer by name.
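As an added illustration (not part of the original post), here is a small Python check for the three signs just described: a sender address whose domain is not the institution's, a generic greeting, and a link whose visible URL text does not match where its href actually points. The institution domain, the sender and the message body are constructed sample values, not a real message.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical institution domain and a constructed sample message (not a real email).
INSTITUTION_DOMAIN = "examplebank.example"
SAMPLE_FROM = '"ExampleBank Support" <support@examplebank-secure.example>'
SAMPLE_HTML = (
    "<p>Dear account holder,</p><p>Please verify your details at "
    '<a href="http://examplebank.example.evil.example/login">https://www.examplebank.example/login</a>.'
    '</p><p><a href="https://www.examplebank.example/contact">Contact us</a></p>'
)
GENERIC_GREETINGS = ("dear account holder", "dear customer", "dear valued customer")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL; bare 'www.example' strings are accepted too."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def analyse(from_header, html_body, institution_domain=INSTITUTION_DOMAIN):
    """Return the indicators found: sender domain mismatch, generic greeting, disguised links."""
    findings = []
    sender_host = host_of(re.search(r"@([^>\s]+)", from_header).group(1))
    if sender_host != institution_domain and not sender_host.endswith("." + institution_domain):
        findings.append(f"sender domain {sender_host} is not {institution_domain}")
    if any(g in re.sub(r"<[^>]+>", " ", html_body).lower() for g in GENERIC_GREETINGS):
        findings.append("generic greeting instead of the customer's name")
    parser = LinkCollector()
    parser.feed(html_body)
    for href, shown in parser.links:
        # Visible text that looks like a URL but whose host differs from the real destination.
        if re.match(r"(https?://|www\.)", shown) and host_of(shown) != host_of(href):
            findings.append(f"link text shows {host_of(shown)} but goes to {host_of(href)}")
    return findings
```

Running `analyse(SAMPLE_FROM, SAMPLE_HTML)` reports all three indicators for the sample message; the secondary "Contact us" link, which really does lead to the institution's site, is not flagged.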


The entire purpose of a typical phishing scam is to get the recipient to provide personal information. If you receive any unsolicited email that asks you to click a link and provide sensitive personal information, then you should view the message with the utmost suspicion. It is highly unlikely that a legitimate institution would request sensitive information in such a way. Do not click links or open attachments in such messages. Do not reply to the senders. If you have any doubts at all about the veracity of the email, contact the institution directly to check.

Do NOT respond to the original email. Contact the company by manually typing in the address to get their information. Contact customer support of the company who supposedly sent you the email via email or phone, and ask them to verify whatever claims are being made in the email.

Do NOT click on any links in the email.

Always report “phishing” e-mails to the following groups by forwarding the email to:
Federal Trade Commission:
Or file a complaint at the Internet Fraud Complaint Center of the FBI website.

When forwarding spoofed messages, always include the entire original email with its original header information intact.

Document the names and phone numbers of everyone you speak to regarding the incident. Follow up your phone calls with letters. Keep copies of all correspondence.

If you have given out your credit, debit, or ATM card information: Report the theft of this information to the card issuer as quickly as possible. Many companies have toll-free numbers and 24-hour service to deal with such emergencies. Cancel your account and open a new one.

Review your billing statements carefully after the loss. If the loss involves your credit card number, but not the card itself, you have no liability for unauthorized use.

Hope this helps! Let me know if you need a cleanup!
