StaySafe from Scams

StaySafe from Scams & Fraud

If you receive an e-mail offer that sounds too good to be true, it probably is. Urban legends and hoaxes have been around for centuries, but their popularity is on the rise because the Internet makes it easy to spread fraud e-mails.

Criminals have realized that the Internet can help them steal your identity and perpetrate fraud, sometimes in very creative ways that incorporate elements of direct mail writing, spyware and by redirecting your attention. By now you've probably heard of phishing, and know that its bad to take the bait. It is more than just unwanted and annoying spam. It could lead to the theft of your credit card numbers, passwords, account information, or other personal data. Another new scam called pharming, which is similar to phishing, also tries to steal your identity. The main difference is it collects your personal information through phony websites that look real.

On this page
Dos & don'ts

Perpetrators of fraud are counting on you to provide them with the information they need to use your credit, establish new credit in your name, or take money from your accounts. By following these guidelines, you can help protect yourself from these tricky scams.

  • Report suspicious e-mail. If you suspect you have received deceptive e-mail designed to steal your identity, don't respond to it. Instead, report the e-mail to the organization that is being misrepresented. Contact the organization directly-not through the e-mail you received-and ask for confirmation. Some organizations allow you to forward suspicious e-mails to a special e-mail address; for example, you can send suspicious e-mails that look like they come from PayPalto spoof@paypal.com. After receiving the suspicious e-mail, the organization will investigate the site and work with the Internet service providers to shut it down if it's fake. If you are more comfortable speaking with a customer service representative, call the organization's toll-free number. You should also report the e-mail to the proper authorities, including the FBI, the Federal Trade Commission (FTC), and the Anti-Phishing Working Group. For more information on how to report phishing scams, read What to do if you've responded to a phishing scam.
  • Be wary of clicking on links in e-mail messages. Links in phishing e-mail messages often take you directly to phony sites where you could unwittingly transmit personal or financial information to con artists. Avoid clicking on a link in an e-mail message unless you are sure of the destination. Even if the address bar displays the correct Web address, don't risk being fooled. There are several ways for con artists to display a fake URL in the address bar on your browser. To see an example of this, read How can I tell if an e-mail message is fraudulent?
  • Type addresses directly into your browser. If you need to update your account information or change your password, visit the Web site by typing the URL directly into your browser.
  • Check the security certificate when you are entering personal or financial information into a Web site. Before you enter personal or financial information into a Web site, make sure the site is secure. In Internet Explorer, you can do this by checking the yellow lock icon on the status bar as shown in the following example. The closed lock icon signifies that the Web site uses encryption to help protect any sensitive, personal information that you enter, such as your credit card number, Social Security number, or payment details. It's important to note that this symbol doesn't need to appear on every page of a site, only on those pages that request personal information. Unfortunately, even the lock symbol can be faked. To help increase your safety, double-click the lock icon to display the security certificate for the site. The name following Issued to should match the name of the site. If the name differs, you may be on a fake site, also called a "spoofed" site. If you're not sure whether a certificate is legitimate, don't enter any personal information.
  • Don't enter personal or financial information into pop-up windows. One common phishing technique is to launch a fake pop-up window when someone clicks on a link in a phishing e-mail message. To make the pop-up window look more convincing, it may be displayed over a window you trust. Even if the pop-up window looks official or claims to be secure, you should avoid entering sensitive information, because there is no way to check the security certificate. Close pop-up windows by clicking on the red X in the top right corner (a "cancel" button may not work as you'd expect).
  • Do update your computer software. For more information visit the Toolbox.

Top of Page

About advance fee frauds

An advance fee fraud is a scam that hooks you with the false promise of large sums of money for little or no effort on your part. Once you're deeply involved in the scam, you're asked to pay certain amounts of money to expedite the process. You end up not making a dime.

Here are a few examples of the most popular advance fee frauds:

  • A foreign government official would like your assistance in transferring funds and will pay you a hefty commission if you agree.
  • You stand to inherit millions of dollars from a relative you don't remember.
  • You've won a prize or a lottery (perhaps one from a foreign country) that you don't remember entering.

Top of Page

Spotting a fraud: 7 signs of a scam

If you think an e-mail you received is a scam, one place to check is the Urban Legends Reference Pages list of examples. However, these scams can come in thousands of different forms.

Here are seven more telltale signs of a scam:

  • You don't know the person who has sent you the message.
  • You are promised untold sums of money for little or no effort on your part.
  • You are asked to provide money up front for questionable activities, a processing fee, or to pay the cost of expediting the process.
  • You are asked to provide your bank account number or other personal financial information, even if the sender offers to deposit money into it.
  • The request contains a sense of urgency.
  • The sender repeatedly requests confidentiality.
  • The sender offers to send you photocopies of government certificates, banking information, or other "evidence" that their activity is legitimate (these are fake).

Top of Page

What to do if you are a victim of fraud

If you do become a victim of fraud, here's what you should do:

  • File a report with your local police department. Get a copy of the police report to notify your bank, credit card company, and other creditors that you are a victim of a crime, not a credit abuser. Depending on where you live, you may be required to file a report in the jurisdiction where the crime actually took place.
  • Place a fraud alert on your credit reports. Ask that no new credit be granted without your approval. Review your reports carefully; look for things like inquiries you didn't initiate, accounts you didn't open, and unexplained debts. In the United States, you can contact these three credit bureaus:

    Equifax (800) 525-6285
    Experian (888) 397-3742
    TransUnion (800) 680-7289

  • Outside the United States, you can contact your bank or financial institution, who can direct you to the relevant organization or agency.
  • Close any fraudulently accessed or opened accounts. Speak with the security or fraud department of each bank or financial institution you deal with, including credit card companies, and follow up with a letter.
  • Contact the genuine company or organization if you believe you've given sensitive information to an unknown source masquerading as that real company or organization. This is known as a phishing attack. If you contact the real company immediately, they may be able to lessen the damage to you and others.
  • Change the passwords on all of your online accounts, starting with any that are related to financial institutions or information.
  • In the United States, file a complaint with the Federal Trade Commission (FTC). If you are a victim of any type of identity theft, you can report the theft by calling the FTC's toll-free Identity Theft Hotline at (877) ID-THEFT or (877) 438-4338. You can also file a complaint online.
  • In the United States, report the fraud to Fraud.org, the National Fraud Information Center. Use the online complaint form or call (800) 876-7060.
  • Record and save everything you do to clear up the wrongdoing, including copies of e-mail messages, written correspondence, and records of telephone calls.

Top of Page

Where to go for more information

In the United States, advance fee frauds are investigated by the United States Secret Service. For more information, visit the Advance Fee Fraud Advisory page. To learn more about Internet hoaxes and scams in general, check the Urban Legends Reference Pages.

Top of Page

 

Video Screenshot

What you should know about phishing scams

Running time: 3:32 minutes

Watch the video:

300k (broadband) | 100k

Related Links