OLYMPIA – July 14, 2003 - Attorney General Christine Gregoire today warned consumers about scam e-mails that try to trick consumers out of personal information by appearing to come from a company they may have an account with.
These practices have been dubbed “phishing” or “carding.”
The scam e-mails purport to be from familiar companies such as AOL, Paypal, eBay and others, with alarming messages like “your account is about to be terminated” or “our fraud department has some suspicions regarding this order.” Consumers are then urged to use what looks like a legitimate link to update billing information or confirm or decline a transaction.
The link transfers consumers to a phony but realistic looking website that fishes for personal information by asking them to reenter passwords, social security and credit card numbers, bank numbers, and other information.
Consumers duped out of personal information are at risk of identity theft and fraudulent purchases charged against them.
Gregoire warned consumers to use caution and be skeptical of messages asking for personal information – even if it appears to be from a legitimate source.
The Consumer Protection office offers the following tips:
- Be cautious of warnings that an account will shut down with little or no notice if you don’t reconfirm billing information.
- Don’t click on the link. Contact the company directly by telephone or by directly entering a website address you know is real.
- Check the address bar at the top of the browser – not just the pictures and logos used on the website.
- Look for the “lock” icon on the browser’s status bar when submitting financial information on any website to be sure your information is secure during transmission.
- Avoid sending personal or financial information via e-mail whenever possible.
If you suspect you’ve given personal information to an insecure source, you should:
- Closely monitor credit card and bank statements for unauthorized charges.
- Ask the fraud departments of each of the three major credit bureaus to place a “fraud alert” on your file and that no new credit be granted without your approval.
- Close accounts that have been fraudulently accessed or opened. Put passwords (not your mother’s maiden name) on any new accounts you open.
- File a report with your local police or the police where the theft took place and get a copy of the report.
- Visit the Washington State Attorney General’s website at http://www.atg.wa.gov/consumer/idtheft/ or contact the Federal Trade Commission by calling toll-free 1-877-438-4338 or www.ftc.gov/idtheft.