What is phishing and how can you protect yourself?

E-mail and Internet-related fraudulent schemes, such as “phishing” (pronounced “fishing”), are being perpetrated with increasing frequency, creativity and intensity. Phishing involves the use of seemingly legitimate e-mail messages and websites to deceive consumers into disclosing sensitive information, such as bank or loan account information, Social Security numbers, credit card numbers, passwords, and personal identification numbers (PINs).

The perpetrator of the fraudulent e-mail message may use various means to convince the recipient that the message is legitimate and from a trusted source with which the recipient has an established business relationship. Techniques such as a false “from” address or the use of seemingly legitimate company logos, weblinks and graphics may be used to mislead e-mail recipients.

In most phishing schemes, the fraudulent e-mail message will request that recipients “update” or “validate” their financial or personal information in order to maintain their accounts, and direct them to a fraudulent website that may look very similar to the website of the legitimate business. These websites may include copied or “spoofed” pages from legitimate websites to further trick consumers into thinking they are responding to a bona fide request. Some consumers will mistakenly submit financial and personal information to the perpetrator who will use it to gain access to financial records or accounts, commit identity theft or engage in other illegal acts.