Phishing

Phishing (FISH-ing) refers to a scheme used to trick an individual into providing bank, credit card, or financial account information by sending a fraudulent email purporting to be from a bank, Internet provider, or another institution asking for account numbers, passwords or any other personal financial information. Thieves are "phishing" for information.

In phishing, cyber-criminals send emails that seem to be from legitimate financial institutions or other companies asking for confirmation of personal or account information. The email may ask for a simple reply or provide a link to a legitimate-appearing website. The techniques vary, but in many cases, the email uses dire warnings to drive users to confirm their credentials or accounts without first confirming the email.

Cyber-criminals use these techniques to get you to reveal confidential information so they can commit direct theft or steal your identity and commit other fraudulent activities.

Follow these five suggestions to help protect yourself from phishing scams.

It is better to err on the side of caution. Unless you are 100% sure that a particular message is legitimate, assume it is not. If you do use a link in an email, you should never supply your username, password or account information in such a reply. Thrivent would never ask you to verify your credentials via email.

If you suspect the email is legitimate, close your browser, open a new one and access the company's website independently. If there is anything wrong with the account, reputable companies will post at the site after you log in.

Or, use the old-fashioned way—pick up the telephone and call the company's customer service, explain the email, and verify if the email is legitimate or a phishing scam.

Download the latest web browser for your system and keep it patched. The latest generation web browsers come with built-in phishing protection. These browsers will analyze websites and compare them against known or suspected phishing sites and warn you if the site you are visiting may be malicious or illegitimate.

Know what signifies secured websites, and where to find these indicators within your browser. Be skeptical of any site that triggers browser warnings such as certificate errors or where personal information isn't being transmitted in a secure manner.

Use passwords greater than eight characters or use passphrases (sentences such as "I have a purple dog"), that are harder to guess or crack. Don't use the same passwords for email or social sites that you use for your financial sites. Change your passwords regularly, we recommend every 60 days.

Know when your statements arrive and analyze them closely for transactions you can't account for. If you find problems contact the company or financial institution immediately.

If you receive emails that are part of a phishing scam or even seem suspicious and are targeting a financial institution or company you work with, report it to them.

In addition, you can report suspicious activity to the Internet Crime Complaint Center at www.IC3.Gov or to the Federal Trade Commission (FTC) at www.ftc.gov.

If you discover that you have responded to a fraudulent email, contact the company or financial institution immediately so they can help protect your account and identity. Change your online account passwords immediately.

For more information on phishing or identity theft, go to www.antiphishing.org. Each year, phishing con artists convince 5% of the public to fall for their scams. Make sure it's not you.