There are plenty of people out there trying to separate you from your money. Don't be tricked into giving your account or Social Security number out if anyone asks for it over the phone or in an e-mail.

These schemes are called “phishing” or “vishing” and they're trying to hook you. Don't bite, or you may get bitten! The crooks may look or sound like your own financial institution, but remember, your bank or credit union already knows your personal information.

WSBT has compiled information with our local financial institution partners on phishing and vishing schemes. Take time and learn everything you can to be smarter than the criminals. (Story continues below.)

What is Phishing? 

Phony emails are sent to people across the Internet that appear to be from reputable organizations, but are not. The emails are from criminals who attempt to lure the recipient into providing personal financial information such as debit or credit card numbers, Social Security numbers, etc. by “spoofing” a reputable company's brand. This is usually done by copying logos from the company's Web site.

The crooks broadcast a large number of these phony emails to hundreds or even thousands of Internet email users. They don't know if any of the recipients have an account with the company they're spoofing, and they don't know if the recipients will "take the bait" or not.

The emails will either try to entice or scare you into providing information, using language like "complete this survey and we'll deposit $50 to your debit account" or "update your account information to avoid deactivation." They usually contain embedded links to fraudulent Web sites where the phishers try to collect the confidential information mentioned above.

It's important to note that the company being spoofed has nothing to do with the scam. Its name is just being used to coax you into the scheme.

Who is the target?
Anyone with an Internet email address will receive a phishing email at some point, and the numbers are on the rise. If your email address is posted on the Internet, you will be much more likely to receive a phishing email.

How did the phishers get my email address?
Schools, universities, government agencies and some businesses and associations post staff, student and other email addresses on the Internet. Sometimes people use their email addresses when posting to blogs or online forums. Sometimes, people click on "unsubscribe" buttons in spam email, thus providing the phisher with a valuable acknowledgement that your email address is correct!

When the email addresses can be tied to a certain region, they are especially enticing to phishers, as a regionally-targeted email list increases the odds of success with their scams. Why? By pairing the geographic blend of your email address location to a corresponding local financial institution, the phishers are much more likely to "net" people who belong to that institution. They mimic the local institution's brand in an effort to lure you into providing confidential information.

Why is it increasing?
Because estimates are that 1 in 20 people who receive a phishing email fall for the scam and provide their confidential information!

What should I do if I receive an email that looks suspicious?
If the email looked like it came from your financial institution, contact that company immediately. They may already be aware of the scheme, but any information you provide may be helpful in protecting others.

What do I do if I received an email that I now suspect may be a scam, and I revealed confidential information?
If you entered your account information, contact your financial institution immediately. You may also visit Fighting Back Against Identity Theft. Review the instructions there, and keep a printout available in the event you must follow them.

Where can I go for more information?
Check out these links!

Anti-Phishing Working Group
eBay: Tutorial Spoof (fake) Emails
PayPal: Protect Yourself From Fraudulent Emails and Websites
Public Advisory: Special Report for Consumers on Identity Theft (.pdf)

Is vishing different from phishing?
Yes. Vishing is a scam that uses fraudulent call-back or caller-ID-displayed telephone numbers. The criminals behind the scam will pretend to be representatives of your financial institution, or some other company with whom you might do business. They begin by using one of these tactics: (1) They may send you an email with a fraudulent telephone number for you to call back, or (2) They may call your telephone number and leave a voice mail message or talk to you.

In any case, they will try to entice you to provide your personal information by using scare tactics such as, "We need to update your account," "We believe your credit card has been used fraudulently," or "Your account is overdrawn. To avoid penalties or account termination, call…" They may also tell you they'd like to reward you for completing a survey – could you provide your account numbers so they can credit your account? They will try any method they believe is likely to work.

How did they get my telephone number?
Telephone numbers are publicly available, unless they're unlisted. They can be harvested from a paper or online telephone directory. Typically, the scammers will upload numbers from an entire region.

Why did I receive a call?
Your telephone number was in the directory the criminals used. They don't know who in the directory might be a member, but they do know that, statistically, their odds of calling someone who lives in a region served by its local financial institutions or other organizations will be better. This increases their odds for success.

Are there more links I can visit to protect myself and my family?

How to protect yourself against Internet fraud
Federal Trade Commission's publication addressing identity theft facts for consumers
Information on spyware, viruses, hackers and online safety
Identity theft, phishing, general Internet & e-commerce topics
Safe Internet banking, avoiding identity theft and phishing