Privacy | Identity Theft | Phishing

Don't get hooked by "phishing" scams

Beware of emails asking for personal information

Columbus Metro members are reporting a rash of suspicious emails. Some look like they're from the National Credit Union Administration, the government agency that oversees credit unions. Others appear to be from financial institutions or legitimate businesses like PayPal. The names vary, but their goal is the same: They want you to provide personal information so they can use it fraudulently.

These are examples of high-tech thieves' newest "sport": phishing (pronounced "fishing"). Phishing involves sending emails that direct consumers to official-looking web sites to "correct" or "verify" or "update" financial information. Unsuspecting consumers who provide the requested information are actually giving it to identity thieves. Unfortunately, these phony emails have successfully reeled in thousands of unsuspecting victims.

Phishing emails look authentic--that's why they work. To appear genuine, and gain your confidence, phishing emails may contain some or all of the following:

• An institution or company's branded logo

• The institution or business name in the "sent from" line, subject line and body of the email

• A recognizable employee name

• A "special" link to a phony web site built to extract personal data

• An assurance of encryption for a secure transfer of personal data

Don't be fooled. Emails that contain these elements and request personal information probably aren't legitimate. Do not reply to them.

Protect yourself

First, you should know that Columbus Metro will never request personal information through email. We will never ask you to "verify" information in an email. And we will never ask you to click on a link to a "special" web site to verify or request personal information.

To avoid becoming a victim of online crime, experts provide the following recommendations:

1. Be wary of email you receive. Never click on any link to a financial institution or merchant. Instead, open your web browser and type in the URL yourself. If you question the legitimacy of an email, look the merchant up in the phone book and call them.

2. Nobody needs to verify your passwords. Ever.

3. Practice good computer hygiene. Don't click on attachments. Run anti-virus and anti-spyware software regularly. Firewall and privacy protection software are also a good idea, particularly if you have a broadband connection. Update this software, as well as your operating system, regularly.

4. Only provide personal information when you initiate the transaction and never when someone requests it, whether online or on the telephone.

5. Order credit reports yearly and review them carefully. By the end of 2005, all U.S. residents will be eligible for free annual credit reports from all three major credit reporting agencies. Visit www.annualcreditreport.com or call toll-free 877.322.8228.

6. Review your credit union, credit card and other financial statements as soon as you receive them. If they're late or don't arrive at all, contact the institution.

7. Encrypt or shred personal information. Use a cross-cut shredder, which makes confetti rather than long strips that are easily reassembled) or burn documents that contain personal information. Don't store PINs on your computer; lock them up or encrypt them.

8. Don't provide--or offer--unnecessary information. Ask yourself, "Why do these people need my information?"

9. Report suspicious activity to the Federal Trade Commission at www.ftc.gov and forward suspicious messages to them at spam@uce.gov.

If you have any questions about phishing, or have a suspicious email that appears to be from Columbus Metro, email us.