We’ve talked about this before, but a recent rash of phishing attempts that I’ve received has prompted me to bring it up again. “Phishing” is an attempt by some unauthorized person to get you to voluntarily surrender sensitive information. While phishing cons have been around forever, the attacks have taken a new electronic form using email. Here’s how it works:
You’ll get an official-looking email from your bank (or eBay, or some other company with which you might do business). As one of the largest US banks, Citibank has been a popular target. When you open the email, it directs you to an online form under the pretense of preventing loss of your personal information, or updating their records, or verifying your PIN, etc. The point is, everything looks official — even after you click the link and go to an address that looks correct, too. (It might be something like http://citibank.bankrecords.com/account_update.html). The problem is, the message you received and the form that you fill out aren’t owned by Citibank (or any other legitimate entity). And when you fill out the form, you essentially surrender all the information necessary for someone to steal your identity, a problem that could cost you thousands of dollars and years to correct.
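As an added example (not part of the original post), the Python below shows why the address quoted above only looks correct: the owner of a host name is read from its right-hand end, so `citibank.bankrecords.com` belongs to `bankrecords.com`, not to the bank. The trusted domain `citibank.com`, the function names and the sample links are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain the real bank uses.
TRUSTED_DOMAINS = {"citibank.com"}
BRAND = "citibank"


def naive_looks_official(url):
    """What a hurried reader does: spots the brand name somewhere in the link."""
    return BRAND in url.lower()


def host_of(url):
    """Return the lower-cased host name of a URL, or None if it has none."""
    host = urlsplit(url).hostname
    return host.rstrip(".") if host else None


def classify_link(url):
    """Classify a link as 'trusted', 'lookalike', 'unrelated' or 'unparseable'."""
    host = host_of(url)
    if not host:
        return "unparseable"
    # The host must BE a trusted domain or end with ".<trusted domain>".
    # The leading dot matters: without it, any name ending in the same
    # letters would pass.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # The brand name appears, but on a domain someone else controls.
    if BRAND in host:
        return "lookalike"
    return "unrelated"


# Constructed sample links; the second is the address quoted in the post.
SAMPLES = [
    "https://www.citibank.com/",
    "http://citibank.bankrecords.com/account_update.html",
    "http://www.example.org/news",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} naive={naive_looks_official(link)!s:5} {link}")
```

The naive check passes the quoted address because the brand name is in it; the host-based check reports it as a lookalike.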
Here’s the bottom line: No company that you do business with will contact you (unsolicited) via email to ask for things like your SSN, PIN, or even your Internet login information; they already have it. If you receive a request like this that you haven’t initiated, pick up the phone and call them.