StreetWise Home > StreetWise Privacy Home > Protecting Your Privacy Guide > Phishing and Pharming

Protecting Your Privacy Guide

Phishing and Pharming

What is phishing (pronounced fishing)? These are scams that are trying to steal your personal and financial information. Phishing has primarily been online in the form of email or pop-up messages but can also occur over the phone or through the mail. Phishers have even started using text messages.

Phishers impersonate legitimate financial institutions–banks, credit unions–and businesses. The phishers cast a wide net that's bound to find persons that do business with the impersonated financial institution or company.

Email and pop-up messages may have a link to click or a phone number to call; text messages have included a toll-free number to call. In the case of a link, it usually goes to a fake website that mimics a legitimate site.

“Spear-phishing” is a phishing scam that is targeted to a specific, usually small, group. These emails may contain (or seem to contain) personal or confidential information and seem to come from a trusted person such as a boss, friend, or family member.

Take the SonicWALL Phishing IQ Test to see how savvy you are about these scams. This test shows how hard it is to distinguish between a real and a fake message.

Here are some tips to avoid being hooked by such scams:

Reputable companies and financial institutions, like your credit union and bank, NEVER, EVER send e-mails, make phone calls, or send letters asking for personal information and account number information they already have on file. Always be suspicious of any request for information that comes from an unsolicited e-mail or phone call. When you initiate the contact (online or by phone) with your bank or a reputable merchant, you may provide information to purchase merchandise or handle your account.
If you want to make sure this is a scam or if you think the email, phone call or letter might be genuine, simply call your financial institution, using the number on your statement or that you looked up in the phone book, and ask if they sent the email, letter, or made the phone call.
Never include account numbers and passwords in an email message.
Never call the phone number in an email or left on your answering machine. Use the phone number listed on a recent statement.
Report the scam to the company, using the customer service number or website address from a recent statement. You can send the actual spam to the FTC at spam@uce.gov.
NEVER click on links in these sorts of emails.
Never enter personal or financial information in a pop-up window. Some forms of phishing use a pop-up window on a legitimate site.
Protect your computers by using a firewall, anti-virus and anti-spyware software and spam filters.

Malicious software installed on your computer can also “phish” for your information. The malicious software may monitor a user's keystrokes looking for usernames and passwords for specific sites or the software may misdirect the user (using various techniques) to fake websites or the software may cause the user's information to be sent to a legitimate site but through a computer that can collect the user's information.

Pharming is similar to phishing but much harder to detect. You don't have to do anything to get “scooped” up by the scam. It works like this. Scammers create a fake, malicious website that looks like the site of a real company. Then these criminals “hijack” your browser through malicious software on your computer or Domain Name System (DNS) poisoning and send you to the fake site.

Using a toolbar such as Netcraft or Earthlink (both work with Internet Explorer and Firefox) or the Opera browser that displays the location of the site's host can be helpful in avoiding phishing and pharming scams. Internet Explorer 7 and Firefox 2 & 3 include antiphishing features (but you must turn them on).

Want to test your Phishing knowledge? Then take the quiz: Phishing Scams — Avoid the Bait. It's from OnGuardOnline.

Other Scams to Watch Out For

Besides phishing, various other scams also arrive in your inbox. Here are brief descriptions of some of the most common.

The “Nigerian” Scam also called “Advance Fee” Scam

The email is requesting help to get large sums of money out of a foreign country. They promise you big profits in exchange for your help. Before you receive any money, you'll have to provide money to cover transaction and transfer costs and attorney fees plus you'll need to provide them with your bank account numbers. The “Nigerian” Scam: Costly Compassion from the FTC has more information.

Advance-Fee Loan Scam

These emails promise that a loan or credit will be approved even if you've been turned down many times already. But in order to get this loan you have to pay an upfront fee. Advance-Fee Loan Scams: 'Easy' Cash Offers Teach Hard Lessons from the FTC has more information.

Work-at-Home Scams

These emails promise a steady income with just a little work in your spare time. Common schemes are envelope stuffing, email processing, assembly or craft work, and medical billing. You may have to pay a “fee“ for materials, instructions, or equipment. Fall for any of these offers and you'll probably be out money instead of earning any.

Foreign Lotteries

These emails either promise great odds or indicate that you've won money in a lottery in another country. You will have to pay to get your prize or collect your winnings. International Lottery Scams from the FTC has more details.

Check Overpayment Scams

Someone responds to your ad or online auction posting, offering to buy your item. The catch is that for some reason, the check you'll receive is for more than the purchase price. They want you to wire them back the difference. Check Overpayment Scams: Seller Beware and Be Suspicious About Wiring Money Back After Cashing a Check from the FTC have more information.

Counterfeit Check Scams

These scams are another version of the Nigerian or advance fee scam.

Debit Relief

These emails tout various debt relief schemes such as bill consolidation (without borrowing); stopping credit harassment, foreclosure, repossession, tax levies and garnishments; or wiping out your debts. The catch is that most of these emails are actually offering bankruptcy services, but they don't mention that fact. Bankruptcy should usually the last resort when dealing with financial problems. Advertisements Promising Debt Relief May Be Offering Bankruptcy has more details.

Investments Schemes

These emails offer so-called investments with high rates of return with little or no risk. Usually there is little detail about the investment but lots of details about how much money you can make. Investment Risks from the FTC provides tips to help you spot these fraudulent pitches.

These sites describe these and other scams.

OnGuard Online: Spam Scams has more detail about spam scams and links to other resources.
LooksTooGoodToBeTrue.com describes these and many other scams on their fraud page.

Test your scam knowledge with the quiz: Spam Scam Slam — Don't Be Fooled. It's from OnGuard Online.

Intro / Back / Next

A note about third-party links – By selecting links on this page, you will leave DCU's web site and enter a web site hosted by an organization separate from DCU. We encourage you to read and evaluate the privacy policy of any site you visit when you enter the site. While we strive to only link you to companies and organizations that we feel offer useful information, DCU does not directly support nor guarantee claims made by these sites.

To beginning of page

Digital Federal Credit Union
220 Donald Lynch Boulevard
PO Box 9130
Marlborough, MA 01752-9130
508.263.6700 • 800.328.8797

Your savings federally insured to at least $250,000 and backed by the full faith and credit of the United States Government. National Credit Union Administration, a U.S. Government Agency. Select for more information.