Consumer Reports WebWatch : What's Really Going On
advanced search
For Consumers For Media For Businesses
home about investigations guidelines consumer center media contact
Site Map Print this Page
  LOGIN   |   REGISTER
 
you are here: Consumer Center > Fraud > Consumer Tips
TOPICS:
En Espanol
Where to File an Internet Fraud Complaint
Top 10 Internet Scams
Web Credibility
Travel
Search Engines
Health
Consumer Groups
Financial
Families and Children
Privacy
Journalism
Online Advertising
Fraud
Non-Profit Sites

Privacy Policy


 
Tools
 
Increase Font Size
Decrease Font Size

 
 
 
 
Fraud Consumer Tips
 

Don't Get Hooked: Tips for Avoiding 'Phishing' and 'Spoofing'

November 13, 2003

Compiled by the Consumer Reports WebWatch Staff

"Phishing" is a new word and a new worry for many consumers. The FBI called it the "hottest, and most troubling, new scam on the Internet." American Online, eBay and Best Buy have been victims of it. But what, exactly, is it?

"Phishing" — sometimes called "spoofing" or "carding" — refers to online scammers posing as legitimate companies in e-mail to dupe consumers into sharing their credit-card, billing-routing, and Social Security numbers, among other sensitive information.

Here's how it works: con artists e-mail consumers pretending to be a company that person has done business with — such as a bank or Internet service provider — and ask the recipient to update or validate their billing information or risk having the account closed. The e-mail message usually contains a link to a Web site that looks like the real deal, with logos and information you might find on the site of a legitimate business you trust. However, this look-alike site is an imposter, and consumers who input their personal information often become victims of identity theft, experts say.

The U.S. Federal Trade Commission (FTC) and FBI offer these tips to avoid being "phished":

  • Don't reply to e-mail messages requiring you to share personal information to avoid the sudden closure of your account. Do not click on links within the e-mail.
  • Open a new browser window and type in a Web address you know to be genuine to reach the company cited in the e-mail. Or call the company instead.
  • Look for a "lock" icon at the bottom of your browser and make sure "https" appears in front of the Web address before submitting any personal or financial information through a Web site. These visual clues tell you the information being transferred is secure.
  • Report suspicious e-mail to your Internet service provider, or send the actual spam to the FTC (uce@ftc.gov).
    • review credit-card and bank statements monthly for any unauthorized activity and report discrepancies immediately.

  
Report Tools
Print this story

Write to the editor
 © Consumers Union of U.S., Inc.