How to Avoid Phishing and Vishing Attacks
Phishing is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords, account, credit card details, etc. by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an e-mail or an instant message. Often the message includes a warning regarding a problem related to the recipient’s account and requests the recipient to respond by following a link to a fraudulent website and providing specific confidential information. The format of the e-mail typically includes proprietary logos and branding, such as a “From” line disguised to appear as if the message came from a legitimate sender, and a link to a website or a link to an e-mail address. All of these features are designed to assure the recipient that the e-mail is from a legitimate business source when in fact, the information submitted will be sent to the perpetrator.
Phishing attacks are growing quite sophisticated and difficult to detect, even for the most technically savvy people. And many people are getting onto the Internet and using email or Web browsers for the first time. As a result, some people are going to continue to be fooled into giving up their personal financial information in response to a phishing email or on a phishing website. If you have been tricked this way, you should assume that you will become a victim of credit card fraud, financial institution fraud, or identity theft.
Vishing, short for "voice phishing", is a method to obtain personal information via the telephone. In the form of an automated voice message, the goal is to get the victim to call a phone number to verify personal account details including credit card numbers. The voice message is often urgent notifying the victim that their credit union/bank account or PayPal accounts were supposedly compromised. If you receive a phone call or voice message to provide personal information...DO NOT RESPOND!
Below is some advice on what to do if you feel you are a victim of a phishing or vishing scam:
- Report the theft of this information to the card issuer as quickly as possible. Many companies have toll-free numbers and 24-hour service to deal with such emergencies.
- Cancel your account and open a new one.
- Review your billing statements carefully after the loss. If they show any unauthorized charges, it's best to send a letter to the card issuer describing each questionable charge.
- Credit Card Loss or Fraudulent Charges (Fair Credit Billing Act):
- Your maximum liability under federal law for unauthorized use of your credit card is $50.
- If the loss involves your credit card number, but not the card itself, you have no liability for unauthorized use.
- ATM or Debit Card Loss or Fraudulent Transfers (Electronic Funds Transfer Act)
- Your liability under federal law for unauthorized use of your ATM or debit card depends on how quickly you report the loss.
- You risk unlimited loss if you fail to report an unauthorized transfer within 60 days after your bank statement containing unauthorized use is mailed to you.
- Report the theft of this information to the bank as quickly as possible.
- Some phishing attacks use viruses and/or Trojans to install programs called "key loggers" on your computer. These programs capture and send out any information that you type to the phisher, including credit card numbers, usernames, passwords, Social Security Numbers, etc. In this case, you should:
- Install and/or update anti-virus and personal firewall software.
- Update all virus definitions and run a full scan.
- Confirm every connection your firewall allows.
- If your system appears to have been compromised, fix it and then change your password again, since you may well have transmitted the new one to the hacker.
- Check your other accounts! The hackers may have helped themselves to many different accounts: eBay account, PayPal, your email ISP, online bank accounts, online trading accounts, e-commerce accounts, and everything else for which you use online password.
What to do if you are a phishing victim
Identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes. If you have given out this kind of information to a phisher or visher, you should do the following:
Report the theft to the three major credit reporting agencies, Experian, Equifax and TransUnion Corporation, and do the following:
- Request that they place a fraud alert and a victim’s statement in your file.
- Request a FREE copy of your credit report to check whether any accounts were opened without your consent. You can find information about obtaining free credit reports on the Federal Trade Commission’s website at: http://www.ftc.gov/bcp/conline/edcams/freereports/index.html.
- Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft.
Major Credit Bureaus:
- Equifax - www.equifax.com:
- To order your report, call: 800-685-1111 or write: P.O. Box 740241, Atlanta, GA 30374-0241.
- To report fraud, call: 800-525-6285 and write: P.O. Box 740241, Atlanta, GA 30374-0241.
- Hearing impaired call 1-800-255-0056 and ask the operator to call the Auto Disclosure Line at 1-800-685-1111 to request a copy of your report.
- Experian - www.experian.com:
- To order your report, call: 888-EXPERIAN (397-3742) or write: P.O. Box 2002, Allen TX 75013.
- To report fraud, call: 888-EXPERIAN (397-3742) and write: P.O. Box 9530, Allen TX 75013 TDD: 1-800-972-0322
- Trans Union - www.transunion.com:
- To order your report, call: 800-888-4213 or write: P.O. Box 1000, Chester, PA 19022.
- To report fraud, call: 800-680-7289 and write: Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92634 TDD: 1-877-553-7803.
- Notify your financial institution(s) and ask them to flag your account and contact you regarding any unusual activity:
- If bank accounts were set up without your consent, close them.
- If your ATM card was stolen, get a new card, account number, and PIN.
- Contact your local police department to file a criminal report.
- Contact the Social Security Administration’s Fraud Hotline to report the unauthorized use of your personal identification information. 1-800-772-1213 or TTY 1-800-325-0778
- Notify the Department of Motor Vehicles of your identity theft:
- Check to see whether an unauthorized license number has been issued in your name.
- Notify the passport office to be watch out for anyone ordering a passport in your name.
- File a complaint with the Federal Trade Commission:
- Ask for a free copy of "ID Theft: When Bad Things Happen in Your Good Name", a guide that will help you guard against and recover from your theft. You can file a complaint online at http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/filing-a-report.html. FTC's Identity Theft Hotline, toll-free: 1-877-IDTHEFT (438-4338); TTY: 1-866-653- 4261; or write: Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
- File a complaint with the Internet Crime Complaint Center (IFCC)
- The Internet Fraud Complaint Center (IFCC) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), with a mission to address fraud committed over the Internet.
- For victims of Internet fraud, IFCC provides a convenient and easy-to-use reporting mechanism that alerts authorities of a suspected criminal or civil violation.
- Document the names and phone numbers of everyone you speak to regarding the incident. Follow-up your phone calls with letters. Keep copies of all correspondence.