Be careful of Internet scams while shopping online this holiday season.
AAA National

As the holidays approach and more people are using the Internet to shop and to pay bills, it’s important to become familiar with a growing problem called “phishing.”

Phishing is a term used to describe the action of assuming the identity of a legitimate organization or Web site using forged e-mail or Web pages to convince consumers to share their user names, passwords and personal financial information for the purpose of using it to commit fraud.

Phishing quickly has grown into one of the most frequent and effective scams on the Internet. It works by directing users toward fake Web sites that trick them into giving up personal information. This procedure has included account verification, invalid credit/debit card details, attempted account hacking, prize draws and account suspension. Some victims have had their credit rating and financial livelihood destroyed when their identity has been used to raise capital, while others have seen their credit or debit cards used by imposters to buy goods online.

Experts recommend consumers protect themselves from phishing scams by entering Web site addresses into their browser (rather than clicking on provided links) and only calling numbers listed in the phone book, on bank-provided credit cards or statements.

Protecting yourself

You can avoid becoming a phishing scam victim by following these simple rules and watching for these signs:
  • Treat all e-mail with suspicion. What you see in the e-mail body can be forged, the sender's address or return address can be forged and the e-mail header can also be manipulated to disguise its true origin.
  • Never send personal or financial information to any one via e-mail.
  • Regularly log into your online accounts. Check each one at least every three weeks.
  • Scrutinize your bank, credit and debit card statements and ensure that all transactions are legitimate. If anything looks suspicious, contact your bank and credit card issuers.
  • Ensure that all of your software is up-to-date. For instance, if you use Microsoft Windows, run Windows Update every day when you first connect to the Internet. If you use other operating systems or browsers, then check daily for patches or updates. Security loopholes are regularly discovered in software.

One big problem is that phishing e-mail looks official and real. It appears to be from trusted banks, retailers or other companies. The e-mail often says the company needs to verify your information, such as account numbers or passwords, for supposed security purposes.

Phishing e-mail tries to fool you with an address spoof. In more than 90 percent of cases, the e-mail address looks like one from a real company. Here are some questions to help you recognize phishing e-mails and sites:

  • What is the tone of the e-mail?
  • Does the e-mail convey a sense of urgency?
  • What is the quality of the e-mail? Does it have misspellings and bad grammar? Is it fuzzy?
  • Are the links in the e-mail valid?
  • Is the e-mail personalized with your name and applicable account information instead of a generic greeting?
  • Who is the e-mail from and does the e-mail address match the company represented?
  • Does it ask you to fill out forms with your personal financial information?
  • Does it point to links in the e-mail, urging you to click to "validate" or "confirm" your account?

What to do if you’ve been scammed

Unfortunately, no matter how careful you are, you sometimes still end up falling prey to someone who has scammed you. So, here are a few important tips if you’ve divulged sensitive information:

  • If you think you’ve been scammed, the first thing you should do is to notify the bank or credit card issuer of the account that has been compromised. You’ll probably want to close the account and open a new one. Then file a complaint with the Federal Trade Commission and the Internet Fraud Complaint Center.
  • If you’ve given away your Social Security number, you should also notify the big three credit reporting agencies–Experian, Equifax and TransUnion–so that a fraud alert can be placed on your file. That way,

if anyone applies for new accounts with your Social Security number, you can be notified at home. You should also always regularly monitor your credit reports, if you do not already.

Don’t let phishing ruin your holiday shopping plans. Be sure to take the appropriate safeguards so that the “grinches” don’t steal your financial and credit security.

Nov/Dec 2007

^ to top | previous page