Preventing Identity Theft
Phishing—Don't Take the Bait
There is a new sport in town that involves some real poachers. It's called "phishing"—and the phishermen are trolling for your personal financial information. Phishers use spam—unwanted e-mail—to lure people to fake Web sites to obtain personal information and commit identity theft. Victims receive fraudulent e-mails containing authentic looking logos and familiar graphics. They often will lead to a "spoofed" or fake site that looks authentic. You’re asked to divulge account information or other personal data such as user names, passwords and Social Security numbers.
Your credit union never will send you an e-mail—or call you by phone—asking for personal data. We already have this information. Studies show that most identity theft still occurs when thieves obtain information from paper—by digging through trashcans or stealing from mailboxes.
Be a Cautious Internet User
- Install a firewall as your first line of defense. This is the primary block between you and other computers on the network. Also install, run and update antivirus and antispyware programs.
- Ensure your browser is up-to-date with security patches.
- Never click links within e-mail to visit a Web site. Open a new browser window and type the URL (uniform resource locator) in the address bar.
- Don’t fill out e-mailed forms that ask for personal information. The only way you should send credit card or account information is via a secure Web site – you’ll see https (s for secure) and the padlock icon on the browser frame; click on the lock to view the security certificate.
- Be cautious of urgent e-mails requesting personal information. Phony e-mails often include upsetting or alarming statements to get people to respond. Don’t! If a company or financial institution really needs to update your expired credit card number, for instance, you'll be able to take care of it the next time you make a transaction, or by a telephone call you place to the company's customer service number on the card.
- Be suspicious if someone claiming to be from your financial institution asks for confidential information. This information should already be on file.
- Always review statements closely. Report any suspicious activity immediately to whomever the statement is from. Most financial institutions and online companies will reimburse customers for any phishing losses. If you generally receive statements by mail, call the company if a statement is late to make sure an ID thief has not redirected your mail by changing your address.
- If you have online access, monitor your accounts frequently. That assures you will notice unauthorized transactions promptly and can take steps to prevent more transactions.
- Change your Internet Banking and shopping account passwords often – experts suggest every three to six months. If your information is caught, your passwords should be out-of-date by the time crooks try to sell the data to other phishers. Experts recommend using passwords with a combination of letters (upper and lowercase), numbers and symbols.
- Forward phishing e-mails to email@example.com. Also, forward the e-mail to the Federal Trade Commission at firstname.lastname@example.org. When forwarding spoofed messages, always include the entire original e-mail with its original header information intact. Notify the Internet Fraud Complaint Center of the FBI by filing a complaint on its website at ic3.gov.
- If you've mistakenly taken the bait and think you've been spoofed, call the company that's been spoofed right away. If you are quick enough, you might be able to change your password or account number in time to stop unauthorized transactions.
Other Identity Theft Prevention Tips
- Only give your Social Security Number when it is absolutely necessary. Use another identifier, such as a driver’s license or last name instead. And don’t carry your Social Security card in your wallet unless you need it that day.
- Keep items with personal information in a safe place and either shred them or tear them up when you don’t need them anymore. Dispose of checking/share draft copies and statements, receipts with a credit card imprint, insurance forms, expired credit cards, savings and investment account statements and credit card offers the same way.
- Order a copy of your credit report from each credit-reporting agency every year. The Fair and Accurate Credit Transactions Act (FACT Act) of 2003 requires each major credit bureau to provide one free credit report annually to consumers who request a copy (call 877-322-8228, or visit www.annualcreditreport.com). See the Understanding Your Credit page for contact information for all three bureaus.
- Verify that your credit report is accurate and that it includes only accounts you have authorized.
- Consider switching to Internet Banking and eStatements to keep your financial information out of the mail stream. Research has shown that fewer Internet Banking and eStatement users fall victim to identity theft, and when they do, they notice the fraud much earlier, resulting in much lower financial losses than those who rely on mailed paper statements.
- Look over your credit card and credit union statements each month for unauthorized charges or suspicious activity.
- Photocopy financial cards and insurance cards you carry in your wallet (front and back) and keep copies in a safe place. If your wallet is lost or stolen, you can promptly and accurately report the loss.
- Consider the information you are supplying on entries to win a car, shopping spree and so on. To win, information such as your age or income range usually is not necessary.
- Opt-out of pre-approved credit offers from being mailed to you by contacting the three major credit reporting agencies. The national credit bureaus offer a toll-free number that enables consumers to opt-out of all pre-approved credit offers with just one phone call. Call 1-888-5-OPTOUT (1-888-567-8688) for more information.
- Contact the U.S. Postal Service if you don't receive mail for a few days. You want to confirm that your mail—with, say all those credit card offers—hasn't been diverted by a thief filling out a change of address form in your name.