Security Tips from American Bank

Phishing and Pharming

Phishing and Pharming attacks are among a rapidly growing class of identity theft scams on the Internet.

Phishing attacks usually start with emails that are, in Internet jargon, “spoofed”. That is, they are made to appear to be coming from some trusted financial institution or commercial entity. The spoofed email usually asks the victim to go to a website to confirm or renew private account information. These emails offer a link that appears to take the victim to the website of the trusted institution. In fact, the link takes the victim to a phony website that is visually identical to that of the trusted institution, but is in fact run by the criminal. When the victim takes the bait and sends their account information, the criminal uses it – sometimes within minutes – to transfer the victim’s funds or to make purchases.

In addition, Internet users face the threat of “pharming”. This insidious crime does not rely on email bait. Rather, it attacks web browsers and the Internet’s addressing system. The effect is that even individuals who type a desired Internet destination into their web browser may be redirected to a phony web site, with the same disastrous result as clicking on the phony link in a phishing attack.

Phishing scams are constantly evolving. Read the tips below so you don’t become a victim:

  • Never give out your personal financial information over the phone or the computer, unless you called them first. Banks will never ask you to “verify” your financial information or ask you to click on a special site link.
  • Do not respond to an email that may warn of dire consequences. Always confirm these emails separately with the bank or company.
  • When submitting financial information to a web site, look for the padlock or the key icon at the bottom of your browser and make sure the address begins with “https”. This is no guarantee, but the lack of these icons or “https” does indicate that the web site is not secure.
  • If you do respond to a fraudulent email, contact your bank immediately so they can help protect your account and identity.

Each year, phishing con artists convince 5 percent of the public to fall for their scams. Make sure it’s not you.