Phishing

Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as user names, passwords and credit card details from unsuspecting people by masquerading as a trustworthy entity. EBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging, and often directs users to enter details at a website, although phone contact has also been used. Phishing is an example of social engineering techniques used to trick users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.

One way of acquiring this sensitive information is by telephone solicitation. By falsely identifying themselves as a real employee of a real financial institution they try to gain your trust. They try to get you to “confirm” information they have on file. They add to the ruse by giving you the first few numbers of your credit card or account. (Keep in mind that the first few numbers are generally the same on everybody’s card or account.) This causes unsuspecting victims to give out the rest of their valuable information. Email phishing works in exactly the same way. You receive an email requesting you to confirm information or possibly it directs you to a “secure” site to confirm more information. These emails have graphics and text that probably come from the true source and to an unwitting victim there is no reason to suspect anything is amiss.

TECU members should know that TECU will NEVER solicit you for personal or private information via email, phone or online. If someone is requesting that you give out personal information unsolicited by you, you should see this as what it really is, a red flag. If you suspect that you have received a phishing email from an institution, call up the real company with a phone number you trust to find out what is going on. Never reply to it. Delete it from your inbox. Remember – why would anyone want to confirm information that they already have? Something sure smells phishy!

Take action if you've been a victim of Phishing (www.antiphishing.org).