Phishing Scams

Internet scammers casting about for personal financial information have a new way to lure unsuspecting victims: They go phishing.

Phishing, also called carding, is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing credit card numbers, bank account information, Social Security number, passwords and other sensitive information.

According to the Federal Trade Commission (FTC), phishers send an email or pop–up message that claims to be from a legitimate business or organization that you deal with—your Internet Service Provider (ISP), credit union, online payment service or even a government agency. The message usually says you need to update or validate your account information, and may threaten dire consequences if you don't respond.

The message directs you to a website that looks just like a legitimate organization's site, but it isn't. It's a clever facsimile designed to trick you into divulging personal information so the operators can steal your identity, exploit your credit, or commit crimes in your name.

To avoid phishing attacks, the FTC, the nation's consumer protection agency, offers this guidance:

  • If you get an email or pop-up message asking for personal or financial information, do not reply or click on the link. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address. Never cut and paste the link in the message.
  • Don't email personal or financial information. Email is not a secure method for transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's website, look for indicators that the site is secure, like a lock icon on the browser's status bar ( ) or a URL that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
  • Review credit card and credit union account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or financial institution to confirm your billing address and account balances.
  • Use anti–virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your Internet activities without your knowledge. Anti–virus software scans incoming communications for troublesome files and can protect you from inadvertently accepting them. Look for anti–virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.
  • A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It's especially important to run a firewall if you have a broadband connection. Finally, your operating system (like Windows or Linux) may offer free software "patches" to close holes in the system that hackers or phishers could exploit.
  • Be cautious about opening attachments or downloading files from emails you receive, regardless of who sent them. These files can contain viruses and other malware that can weaken your computer's security.
  • Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to If you believe you've been scammed, file a complaint at, then visit the FTC's Identity Theft Website to learn how to minimize the damage. Visit to learn other ways to avoid email scams and deal with deceptive spam.
  • The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit or call toll–free, 1–877–FTC–HELP (1–877–382–4357); TTY: 1–866–653–4261. The FTC maintains Consumer Sentinel, a secure, online database of Internet, telemarketing, identity theft and other fraud–related complaints that is available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

View My Accounts

Open an Account

We're Here to Help You

(800) 451-4292    Hours
Email Us