"Phishing" E-mails and Other Scams
Phishing (pronounced fishing) is a term coined by Internet hackers who use e-mail lures (messages) to 'fish' confidential passwords and financial data from Internet users. These e-mails are disguised to look like a request from a legitimate organization such as a bank, credit card company, or retail merchant with whom recipients may already have a relationship.
This practice of "phishing" or "spoofing" is growing rapidly. These fraudulent e-mails are most often mass-mailed or "spammed" to thousands of potential victims. "Phishing" messages often include a warning about a problem related to the recipient's account and requests the recipient to respond by providing specific confidential information.
Victims may be asked to provide confidential account information by responding via e-mail, or they may be directed to click on a link that takes them to a legitimate looking webpage on which they are instructed to provide the confidential information. This information will allow the perpetrator to gain access to the victim's accounts and steal the victim's identity.
Do not trust or act upon unsolicited e-mails that request confidential information. Third Federal will never ask you to submit information such as account numbers, PINs, Social Security numbers, passwords or other confidential financial information via e-mail. If you receive an e-mail that appears to be from Third Federal, and it solicits you for this type of confidential financial information, it is most likely fraudulent. You should contact our Customer Care Department immediately at 1-800-844-7333 or 216-641-6000 and, if possible, forward the e-mail to firstname.lastname@example.org.
How to know if it is a phishing e-mail
- Fraudulent e-mail often presents end users with scenarios of negative consequences if they do not act immediately. No reputable business is going to take adverse action against your account with only an e-mail notification.
- The format of the e-mail typically includes stolen logos and branding, a "From" line disguised to appear as if the message came from a legitimate sender and a link to a website or e-mail address.
- All of these features are designed to assure the recipient that the e-mail is from a legitimate business source, when in fact, the information submitted will be sent to the perpetrator.
- Misspelled URLs or the use of subdomains are common tricks used by phishers (http://www.anytownbank.com.example.com). While many phishing e-mail scams often have misspellings and poor grammar, many of the criminals are getting smarter with the grammar. This used to be an easy way to detect a scam but it is becoming less reliable.
- Many times, the fraudulent e-mails include text such as "verify your account" or "confirm billing information". Some include an offer of a reward for completing a survey.
- Another common trick is to make the text for a link appear to be a valid URL when the link actually goes to a fraudulent website. Or the URL would contain an @ symbol following the correct URL (http://email@example.com).
- Some e-mails contain phone numbers with incorrect area codes. Call the number listed on your statement or the back of your credit card.
Tips to help you avoid becoming a victim of an e-mail scam
- Only open e-mails from senders that you know.
- If you receive an e-mail, don't click on links within the e-mail if it says it will take you to a site that asks you to enter your personal information. Instead, type in the web address in the address bar of your browser page.
- If you have any doubts, don't respond at all!
- Discard suspicious e-mail without opening it. Some e-mail contains spyware, which can provide scammers access to your accounts.
- If an e-mail offers you a reward or a discount and then asks you to provide personal information to get the reward, don't provide your information.
- Keep track of your account activity and make sure they're not any unusual transactions or activity.
- Avoid putting personal data into an e-mail unless you can confirm that it is your bank and that it is a secured communication system.
- Do not fill out forms contained in e-mail messages requesting sensitive information.
- Type Third Federal's web address into your browser and bookmark it. Use this bookmark for all subsequent visits to Third Federal's website. Typing the correct URL in or using it as a bookmark is the best way to be sure you're not redirected to a fraudulent site.
- Be careful if you're sent to a website that first displays a pop-up window asking you to enter your user name and password. Phishing scams may direct you to a legitimate website but then use a pop-up to gain your confidential information.
- If you're not sure if a site is authentic and you're asked to provide your User ID and password, STOP! Call the site's telephone number and verify that it is legitimate before entering any information.
- If you receive an e-mail claiming to be from Third Federal, and you suspect it is aimed at defrauding you, contact Third Federal and, if possible, forward the e-mail to firstname.lastname@example.org.
- When in doubt, close your browser, reopen it and type in the web address in your browser's address bar.