What is phishing?
Phishing (pronounced “fishing”) is a form of criminal activity that employs social engineering techniques to acquire sensitive personal information (such as passwords, account numbers, Personal Identification Numbers (PINs), Social Security Numbers, and account information). By masquerading as trustworthy individuals or businesses in an apparently official electronic communication like email, criminals use sophisticated lures to “fish” for users' passwords and account or personal information.
However, scammers may use other contact methods to obtain your private information, such as text messages (also known as short message phishing or “smishing”) and through phone calls (also known as voice phishing or “vishing”). With these methods, you could receive a text message, phone call or voice mail directing you to a website or phone number, where you would be asked to provide your personal data.
For example, you could receive a text message from an unusual number that says your account will be closed, frozen, or terminated unless you call a telephone number or go to a website. Often, these messages give negative consequences for not responding. This is an attempt to scare you and convince you to provide your personal or account information.
There are hundreds of variations, but in general, phishing comes in one of these scenarios:
- A warning that someone has accessed your account without your permission.
- A threat to suspend or deactivate your account.
- A notice that says you have been charged for an item you clearly did not purchase (e.g., products from an adult site).
- A notice that says someone has used your account to conduct fraud.
- A message that offers a reward for completing a survey.
- A notice informing you of a financial service you have been given free of charge.
- A notice about changes to online access due to a merger.
- A notice about software or security upgrade to our online services.
If you ever are unsure about the authenticity of an email, phone call, or text message, please contact the Company.
With those things in mind, please exercise caution when reading email that appears to have been sent by us. It is an unfortunate reality that criminals continue to devise ways to exploit technology in an effort to obtain your personal or account information.
If you suspect that you have been targeted as part of a potential Internet fraud, you should go to the Internet Crime Complaint Center and file a report.
What protection do I have if I responded to a phishing attempt?Each situation is different. We will work with you to make the best decisions based on the nature of the compromise and what data you shared.
What do fraudulent email messages look like?They take many forms, but most are similar in tone—harsh, demanding, and scary.
What should I do if I am suspicious of email bearing your logo?If you suspect that you have been targeted as part of a potential Internet fraud, you should go to the Internet Crime Complaint Center and file a report.
I have email that looks like it is from your Company. How can I tell if it is legitimate?
Looks can be deceiving. As criminals make more credible forgeries of legitimate email and websites, you can no longer rely on seeing familiar graphics like the company’s logo. The key to determining an email’s authenticity lies in the tone of the message and the nature of the solicitation. Criminals want you to give them information and they are not very subtle about it. Our goal in marketing by email is to tell you about products and services we think will interest you.
It is not our practice to:
- Send unsolicited email that requires you to enter personal information directly into the email.
- Send email threatening to close your account if you do not take the immediate action of providing personal information.
- Share your name with any contacts outside our firm in a manner inconsistent with our Privacy Notice.
How do the criminals doing the phishing know I have an account with your Company?They might not know anything about you specifically, but criminals often cast a very broad net in hopes of catching unsuspecting customers.
I do not have an account with your Company, but I am getting email about my “account” with your Company. How does that happen?It works like this: Phishers target the customers of large companies. They phish millions of email accounts, knowing that many of their targets will be among the recipients. In the process, they end up sending mail to many people who are not customers.
How do other people get my email address?Criminals obtain email addresses through various means, including purchasing mailing lists from reputable companies. Often, they have no idea about where you do business. They just know we have many customers, and if they phish enough people, they will eventually get lucky.
What do I do if I receive a phone call about my account?
You should never give out personal or financial information such as your checking account, credit card, or Social Security Numbers over the phone unless you initiate the call or know the person or organization you are dealing with.
No legitimate representative of the Company will ever ask you for your PIN or password via email communication.
Always use caution when you receive a phone call from someone who:
- Threatens to close or suspend your account if you do not provide personal information.
- Tells you that account has been compromised and then asks you to provide account or personal information.
- Requires you to provide any personal information, such as user ID, password, or account numbers.
- Asks you to confirm, verify, or update your account, credit card, or billing information.