StreetWise Home > StreetWise Privacy Home > Protecting Your Privacy, Your Identity, and Your Money

Protecting Your Privacy, Your Identity, and Your Money

By Remar Sutton
DCU StreetWise National Spokesperson

Phishing and Pharming for Your Personal and Financial Information

What is phishing (pronounced fishing)? These are scams that are trying to steal your personal and financial information. Phishing has primarily been online in the form of email or pop-up messages but can also occur over the phone or through the mail.

Phishers impersonate legitimate financial institutions–banks, credit unions–and businesses. The phishers cast a wide net that's bound to find persons that do business with the impersonated financial institution or company.

Email and pop-up messages may have a link to click or a phone number to call. In the case of a link, it usually goes to a fake website that mimics a legitimate site.

“Spear-phishing” is a phishing scam that is targeted to a specific, usually small, group. These emails may contain (or seem to contain) personal or confidential information and seem to come from a trusted person such as a boss, friend, or family member.

Take the SonicWALL Phishing IQ Test to see how savvy you are about these scams. This test shows how hard it is to distinguish between a real and a fake message.

Here are some tips to avoid being hooked by such scams:

Reputable companies and financial institutions, like your credit union and bank, NEVER, EVER send e-mails asking for personal information and account number information they already have on file. Always be suspicious of any request for information that comes from an unsolicited e-mail or phone call. When you initiate the contact (online or by phone) with your bank or a reputable merchant, you may provide information to purchase merchandise or handle your account.
If you want to make sure this is a scam or if you think the email, phone call or letter might be genuine, simply call your financial institution, using the number on your statement or that you looked up in the phone book, and ask if they sent the email, letter, or made the phone call.
Never include account numbers and passwords in an email message.
Never call the phone number in an email or left on your answering machine. Use the phone number listed on a recent statement.
Report the scam to the company, using the customer service number or website address from a recent statement. You can send the actual spam to the FTC at spam@uce.gov.
NEVER click on links in these sorts of emails.
Never enter personal or financial information in a pop-up window. Some forms of phishing use a pop-up window on a legitimate site.
Protect your computers by using a firewall, anti-virus and anti-spyware software and spam filters.

Malicious software installed on your computer can also “phish” for your information. The malicious software may monitor a user's keystrokes looking for usernames and passwords for specific sites or the software may misdirect the user (using various techniques) to fake websites or the software may cause the user's information to be sent to a legitimate site but through a computer that can collect the user's information.

Pharming is similar to phishing but much harder to detect. You don't have to do anything to get “scooped” up by the scam. It works like this. Scammers create a fake, malicious website that looks like the site of a real company. Then these criminals “hijack” your browser through malicious software on your computer or Domain Name System (DNS) poisoning and send you to the fake site.

Using a toolbar such as Netcraft, TrustWatch, or Earthlink (all work with Internet Explorer and Firefox) or the Opera browser that displays the location of the site's host can be helpful in avoiding phishing and pharming scams. Internet Explorer 7 and Firefox 2 include antiphishing features (but you must turn them on).

The Remar's Review You Don't Have to be “Phished” provides tips on avoiding these scams and screen shots of some actual scams.

Other Scams to Watch Out For

Besides phishing, various other scams also arrive in your inbox. Here are brief descriptions of some of the most common.

The “Nigerian” Scam also called “Advance Fee” Scam

The email is requesting help to get large sums of money out of a foreign country. They promise you big profits in exchange for your help. Before you receive any money, you'll have to provide money to cover transaction and transfer costs and attorney fees plus you'll need to provide them with your bank account numbers. The “Nigerian” Scam: Costly Compassion (.pdf) from the FTC has more information.

Advance-Fee Loan Scam

These emails promise that a loan or credit will be approved even if you've been turned down many times already. But in order to get this loan you have to pay a fee. The Truth About Advance-Fee Loan Scams from the FTC has more information.

Work-at-Home Scams

These emails promise a steady income with just a little work in your spare time. Common schemes are envelope stuffing, email processing, assembly or craft work, and medical billing. You may have to pay a “fee“ for materials, instructions, or equipment. Fall for any of these offers and you'll probably be out money instead of earning any. The Remar's Review Work-at-Home Schemes Target Your Hard-Earned Dollars describes how you can protect yourself from questionable offers by knowing the most common schemes, knowing what questions to ask of any business opportunity and what cautionary flags to look for.

Foreign Lotteries

These emails either promise great odds or indicate that you've won money in a lottery in another country. You will have to pay to get your prize or collect your winnings. International Lottery Scams from the FTC has more details.

Check Overpayment Scams

Someone responds to your ad or online auction posting, offering to buy your item. The catch is that for some reason, the check you'll receive is for more than the purchase price. They want you to wire them back the difference. Check Overpayment Scams: Seller Beware and Be Suspicious About Wiring Money Back After Cashing a Check from the FTC have more information.

Counterfeit Check Scams

These scams are another version of the Nigerian or advance fee scam. The Remar's Review Fake Check Scams are Targeting Your Wallet—Learn the Warning Signs and Avoid the Traps describes ways to avoid these scams.

These sites describe these and other scams.

OnGuard Online: Spam Scams has more detail about spam scams and links to other resources.
LooksTooGoodToBeTrue.com describes these and many other scams on their fraud page.

This handout for Remar Sutton's Privacy seminars was prepared by Remar Sutton, DCU’s Streetwise National Spokesperson & Remar Sutton Associates for DCU Streetwise, reviewed and updated April 2008. All rights reserved.

A note about third-party links – By selecting links on this page, you will leave DCU's web site and enter a web site hosted by an organization separate from DCU. We encourage you to read and evaluate the privacy policy of any site you visit when you enter the site. While we strive to only link you to companies and organizations that we feel offer useful information, DCU does not directly support nor guarantee claims made by these sites.

To beginning of page

Digital Federal Credit Union
220 Donald Lynch Boulevard
PO Box 9130
Marlborough, MA 01752-9130
508.263.6700 • 800.328.8797

Your savings federally insured to at least $250,000 and backed by the full faith and credit of the United States Government. National Credit Union Administration, a U.S. Government Agency. Select for more information.