Frequently Asked Questions Regarding Phishing
What is phishing?
Phishing is a type of online identity theft. It uses e-mail and fraudulent Web sites designed to steal your personal information, including credit card numbers, passwords and account data. Perpetrators of phishing scams send millions of fraudulent e-mail messages with links or attachments that appear to come from Web sites you trust, such as your bank or credit card company. The phishing e-mails request personal information that the perpetrators then use to open new accounts in your name, obtain official documents using your identity or even embezzle funds from your accounts.
What should I do if I receive an e-mail phishing scam?
If you think you've received a phishing scam, immediately delete the e-mail message and do not click any links in the message or open any attachments.
What should I do if I receive a possible phishing scam that says it’s from Global Payments?
Attach the suspicious e-mail message to a new e-mail message and send it to Global Payments at protect@globalpay.com. We will need the original phishing e-mail (not just a forwarded copy) to be able to analyze the message. Delete the e-mail message and do not click any links in the message or open any attachments.
Global Payments will never send an e-mail asking you to update your login credentials or log into our Web site using a link or an attachment in an e-mail.
What should I do if I've responded to a phishing scam?
To minimize any damage after responding to a phishing scam with personal or financial information, immediately change the passwords or PINs for all the online accounts that could be compromised.
How do scammers get my e-mail address or know which bank I use?
Perpetrators send out millions of phishing messages to randomly generated e-mail addresses. They create fake copies of popular companies' Web sites in order to target the largest number of people.
Can an e-mail message that contains a company's official logo be a phishing scam?
Yes. Phishing scams often use the official logos of the companies they're trying to replicate. Do not use Web site links in suspicious e-mails; type the Web addresses directly into your browser or use your personal bookmarks.
Can I tell if an e-mail message is a phishing scam just by reading it?
Not necessarily. Phishing e-mail messages often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites. They might also contain threatening phrases such as “Your account will be suspended if…” or requests for action like “Log in now using this link to update or reset your password.”
How do I avoid phishing scams?
The number of sophisticated phishing scams sent to consumers is continuing to increase dramatically. While online banking and ecommerce are very safe, as a general rule you should be careful about giving out your personal financial information over the Internet.
The Anti-Phishing Working Group (APWG, www.antiphishing.org) has compiled a list of recommendations to avoid becoming a victim of these scams.
- Be suspicious of any e-mail with urgent requests for personal financial information. Phishers typically include upsetting and false statements in their e-mails to get people to react immediately. They also ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
- Don't use the links or attachments in an e-mail, instant message or chat to access any Web page. If you suspect the message might not be authentic, call the company or log onto the Web site directly by typing its address into your browser.
- Avoid filling out forms in e-mail messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure Web site or the telephone.
- Always ensure that you're using a secure Web site when submitting credit card or other sensitive information via your Web browser. Phishers are now able to:
  - Replicate the "https://" normally seen on a secure Web server and a legitimate-looking address. Make it a habit to enter the address of any banking, shopping, auction or financial transaction Web site yourself and not depend on displayed links.
  - Forge the yellow lock seen near the bottom of the screen on a secure site. The lock has been considered a “safe” indicator and, when double-clicked, displays the security certificate for the site. Do not continue if you receive a warning that the address of the site you are viewing does NOT match the certificate.
- Get in the habit of looking at the address line to make sure you have the right Web site. Were you directed to PayPal? Does the address line display something different, like "http://www.gotyouscammed.com/paypal/login.htm"? Be aware of where you are going.
- Consider installing a Web browser tool bar to help protect you from known fraudulent Web sites. These toolbars match where you are going with lists of known phisher Web sites and will provide alerts.
- Regularly log into all online accounts. Don’t leave it for as long as a month before you check each account.
- Ensure that your browser is up to date and security patches are applied.
How can I identify a fraudulent e-mail?
- Look closely at the sender’s e-mail address. Although the “From” e-mail can closely resemble a valid e-mail address, there are often unusual characters or constructs that can help confirm that the address is fraudulent.
- Check e-mail images and graphics. Images used in fraudulent e-mails are often broken (i.e., not present), out of place or incorrect. These problems typically occur when a fraudulent message attempts to reference an image from a legitimate entity’s Web site and fails.
- Pay attention to message format and text. Message length, grammar, word choice and sentence structure play a part in the success of a phishing e-mail. Take note if the message is brief and lacks personalization.
- Look for consequences resulting from a lack of action on your part. Does it demand your attention and indicate that there will be consequences if you do not take action? If so, this could indicate that the e-mail is fraudulent.
- Be wary of embedded hyperlinks or attachments. Hovering or moving your computer mouse pointer over an embedded hyperlink should reveal the associated Web URL. Always open a browser and type in the URL directly.
Where do I report phishing scams?
Report phishing e-mails to the following groups and include the entire original e-mail with its original header information intact:
- Use the reporting form from www.antiphishing.org or forward the e-mail to reportphishing@antiphishing.org
- Forward the e-mail to the Federal Trade Commission at spam@uce.gov
- Notify The Internet Crime Complaint Center of the FBI by filing a complaint on their Web site: www.ic3.gov/