Online Phishing Scams

You've probably been targeted by a phishing scam and never knew it. Look for these “red flags” before you submit any personal data:

  • The e-mail contains urgent requests for personal financial information, or to reconfirm existing information, and either asks you to follow a link or to fill out a form in the e-mail.
  • The message uses scare tactics to convince you that your security is being threatened.
  • The message is addressed “Dear customer,” or some other impersonal greeting.
  • The message is from a bank or website you do not do business with.
  • The message appears to be from somewhere you do transact business with. Scammers often use well-known entities, such as leading websites or big credit card issuers.
  • The message has misspelled words and punctuation errors, or does not use correct English. (Many phishers operate outside the U.S.)

Ways to avoid being lured in:

  • If you suspect the site is not secure, do not enter any information. A secure source will begin “https” rather than just “http.” Please note: This is not a fail-safe method. Some hackers can forge the security “s.”
  • Never click on the link in the e-mail. Go to the site in question yourself and log in from there.
  • Mouse over the link in the e-mail; some browsers show you at the bottom of the screen where the link goes to. This is not a foolproof method either.
  • Review credit card and bank statements regularly for any suspicious transactions.
  • Keep anti-virus software up-to-date.
  • Avoid e-mailing personal financial information. E-mail is not a secure method of communication. Most banks will never ask you to submit personal information this way.
  • Call your bank or credit card company to confirm that the message is legit (use the phone number listed on their official website—never what the e-mail provides).
  • Don't fall for warnings that say you must respond within 24 hours in order to keep your account open.

If you suspect you've been scammed, notify your bank, credit card company, or the company targeted in the e-mail. Contact the Federal Trade Commission at and file a complaint. Visit the FTC's Identity Theft website at