What it is

Phishing (FISH-ing) refers to a scheme used to trick an individual into providing bank, credit card, or financial account information by sending a fraudulent email purporting to be from a bank, Internet provider, or another institution asking for account numbers, passwords or any other personal financial information. Thieves are "phishing" for information.

How it works

In phishing, cyber-criminals send emails that seem to be from legitimate financial institutions or other companies asking for confirmation of personal or account information. The email may ask for a simple reply or provide a link to a legitimate-appearing website. The techniques vary, but in many cases the email uses dire warnings to drive users to confirm their credentials or accounts without first confirming the email.

Cyber-criminals use these techniques to get you to reveal confidential information so they can commit direct theft or steal your identity and commit other fraudulent activities.

How to protect yourself

Follow these five suggestions to help protect yourself from phishing scams.

Be skeptical

It is better to err on the side of caution. Unless you are 100% sure that a particular message is legitimate, assume it is not. If you do use a link in an email, you should never supply your username, password or account information in such a reply. Thrivent would never ask you to verify your credentials via email.

If you suspect the email is legitimate, close your browser, open a new one and access the company's website independently. If there is anything wrong with the account, reputable companies will post at the site after you log in.

Or, use the old-fashioned way – pick-up the telephone and call the company's customer service, explain the email, and verify if the email is legitimate or a phishing scam.

Let technology help you

Download the latest web browser for your system and keep it patched. The latest generation web browsers come with built-in phishing protection. These browsers will analyze websites and compare them against known or suspected phishing sites and warn you if the site you are visiting may be malicious or illegitimate.

Know what signifies secured websites, and where to find these indicators within you browser. Be skeptical of any site that triggers browser warnings such as certificate errors or where personal information isn't being transmitted in a secure manner.

Take simple precautions to protect your accounts

Use passwords greater than eight characters or use passsphrases (sentences such as "I have a purple dog"), that are harder to guess or crack. Don't use the same passwords for email or social sites that you use for your financial sites. Change your passwords regularly, we recommend every 60 days.

Do your homework

Know when your statements arrive and analyze them closely for transactions you can't account for. If you find problems contact the company or financial institution immediately.

Report suspicious activity

If you receive emails that are part of a phishing scam or even seem suspicious and is targeting a financial institution or company you work with, report it to them.

In addition, you can report suspicious activity to the Internet Crime Complaint Center at www.IC3.Gov (Link opens in new window) or to the Federal Trade Commission (FTC) at (Link opens in new window).

If it happens to you

If you discover that you have responded to a fraudulent email, contact the company or financial institution immediately so they can help protect your account and identity. Change your online account passwords immediately.

For more information

For more information on phishing or identity theft, go to (Link opens in new window). Each year, phishing con artists convince 5% of the public to fall for their scams. Make sure it's not you.