What it is
Phishing (FISH-ing) refers to a scheme used to trick an individual into providing bank, credit card, or financial account information by sending a fraudulent email purporting to be from a bank, Internet provider, or another institution asking for account numbers, passwords or any other personal financial information. Thieves are "phishing" for information.
How it works
In phishing, cyber-criminals send emails that seem to be from legitimate financial institutions or other companies asking for confirmation of personal or account information. The email may ask for a simple reply or provide a link to a legitimate-appearing website. The techniques vary, but in many cases the email uses dire warnings to drive users to confirm their credentials or accounts without first confirming the email.
Cyber-criminals use these techniques to get you to reveal confidential information so they can commit direct theft or steal your identity and commit other fraudulent activities.
How to protect yourself
Follow these five suggestions to help protect yourself from phishing scams.
It is better to err on the side of caution. Unless you are 100% sure that a particular message is legitimate, assume it is not. If you do use a link in an email, you should never supply your username, password or account information in such a reply. Thrivent Financial would never ask you to verify your credentials via email.
If you suspect the email is legitimate, close your browser, open a new one and access the company's website independently. If there is anything wrong with the account, reputable companies will post at the site after you log in.
Or, use the old-fashioned way – pick-up the telephone and call the company's customer service, explain the email, and verify if the email is legitimate or a phishing scam.
Let technology help you
Download the latest web browser for your system and keep it patched. The latest generation web browsers come with built-in phishing protection. These browsers will analyze websites and compare them against known or suspected phishing sites and warn you if the site you are visiting may be malicious or illegitimate.
Know what signifies secured websites, and where to find these indicators within you browser. Be skeptical of any site that triggers browser warnings such as certificate errors or where personal information isn't being transmitted in a secure manner.
Take simple precautions to protect your accounts
Use passwords greater than eight characters or use passsphrases (sentences such as "I have a purple dog"), that are harder to guess or crack. Don't use the same passwords for email or social sites that you use for your financial sites. Change your passwords regularly, we recommend every 60 days.
Do your homework
Know when your statements arrive and analyze them closely for transactions you can't account for. If you find problems contact the company or financial institution immediately.
Report suspicious activity
If you receive emails that are part of a phishing scam or even seem suspicious and is targeting a financial institution or company you work with, report it to them.
In addition, you can report suspicious activity to the Internet Crime Complaint Center at www.IC3.Gov (Link opens in new window) or to the Federal Trade Commission (FTC) at www.ftc.gov (Link opens in new window).
If it happens to you
If you discover that you have responded to a fraudulent email, contact the company or financial institution immediately so they can help protect your account and identity. Change your online account passwords immediately.
For more information
For more information on phishing or identity theft, go to www.antiphishing.org (Link opens in new window). Each year, phishing con artists convince 5% of the public to fall for their scams. Make sure it's not you.
Content includes information from the Wisconsin Bankers Association, www.wisbank.com (Link opens in new window) and About.com, http://netsecurity.about.com/od/security101/a/phishprotect.htm (Link opens in new window).