Don’t take the bait

You log into your email account and find an email from one of the companies with which you do business – your bank, perhaps, or an online retailer.

“Dear customer,” says the email, “We are conducting a security audit on our accounts. Please click on the link below and confirm your customer information.”

If you click on the link and fill out the form, look out — chances are good someone’s phishing, and you just took the bait.

“Phishing” refers to a practice that unscrupulous individuals use to collect information for various purposes – some as relatively innocuous as spam e-mail; others to collect valuable credit and account information. Here’s how it works:

First, they set up a dummy site, one that often closely resembles an authentic business’s website. It’s very easy for scam artists to look at a legitimate site and set up their own.

Then they send out their emails, claiming that they need account information, or sometimes pretending to be holding a contest. This email may sound like a threat. (“If you do not provide us with this information your account may be terminated.”)

Next they wait for you to click on the link and give them the information they want. Some requests should make you suspicious: anything that the company would already have, such as your account number or password. Also any personal information that seems unusual: driver’s license number, or social insurance number.

What to do
How do you determine whether a request is legitimate? There are a number of easy and quick ways to check:

Check the link. If it’s a phony email, the link will often be very close to the real company website, but misspelled or changed around – such as http://www.amazonn.ca instead of http://www.amazon.ca.

Check it again. Place your mouse over the link in the email and then look to the very bottom left of your screen on the grey bar where you may see something like http://mail.pooding.com/src/resolution_center/index.php?cmd=LogIn - that is actually where you will go if you click on that innocent-looking http://www.paypal.com/cgi-bin/webscr?cmd=_login-run link.

Always go directly to the company’s website, rather than clicking on the link given in the email. If there is a legitimate problem or contest, it will generally be available at the main site.

Never provide sensitive information such as a credit card number in response to an email “out of the blue.”

When in doubt, phone the company. They will be able to tell you if it is legitimate, and also may need to know about the email in order to protect their customers.

And of course, always reconcile your accounts at the end of the month. If there is a suspicious charge on a credit card bill or withdrawal from an account, look into it right away.