Back to Customer Service Center
Identity Theft Prevention
What are phishing and pharming and how can I avoid them?
Phishing and pharming have become the most troubling identity theft scams currently on the Internet.
Phishing - Pronounced "fishing" it occurs when thieves pretend to represent a reputable organization and try to "hook" you into providing personal information.
Pharming - Pronounced "farming" it occurs when you enter personal data into a fraudulent Web site.
How do they work?
Phishing - Typically, a thief uses an e-mail or pop-up window (small windows or ads that appear suddenly in front of, over or under the window you are currently viewing) claiming to be from a business or organization with which you regularly conduct business. The message may direct you to a Web site that appears legitimate. The thief often poses as a representative from a:
- Financial institution
- Credit card company
- Online merchant
- Utility company
- Internet service provider
- Government agency
- Prospective employer
The message typically includes bogus ways to appeal to the reader, such as problems with an account or billing errors, and asks you to confirm your personal information. Different approaches include, but are not limited to, "We're updating our records," "We've identified fraudulent activity on your account," or "Valuable account and personal information was lost due to a computer glitch." To encourage you to act immediately, the e-mail usually threatens that the account could be closed or canceled.
Most phishing e-mail will ask you to click on a link that takes you to a replica of the victim company's Web site. Despite the convincing appeals, you should not respond to unsolicited e-mail that directly asks you to divulge personal information. Reputable organizations generally will not request your account number or password unless you initiate the transaction.
Pharming - This occurs when your computer is infected with malicious software, which permits unauthorized access to your computer. The software lets someone else observe your activities, read data or even control your computer. With pharming, the thieves do not have to rely on having you click an e-mail link to deceive you. With the software installed on your computer, even if you correctly enter a URL (Web address) into a browser's address bar, they can still redirect you to a fraudulent Web site that impersonates a legitimate Web site. Once there, you are asked to enter personal information such as a password or credit card number that the thieves steal and then either use or sell.
How to Avoid Phishing & Pharming
The number and sophistication of phishing and pharming scams continues to dramatically increase. Although online banking and e-commerce are safe, as a general rule, be careful about providing your personal financial information over the Internet.
The Anti-Phishing Working Group, an industry association, has compiled a list of recommendations you can use to avoid becoming a victim of these scams:
- Be suspicious of unexpected e-mail with urgent requests for personal financial information. Most legitimate companies and agencies do not operate in this manner.
- Unless the e-mail is digitally signed, you can't be sure it wasn't forged.
- Phishing e-mail typically include upsetting or exciting (but false) statements to get people to react immediately.
- These e-mails typically ask for information such as usernames, passwords, credit card numbers and Social Security numbers.
- Although phishing e-mail typically are not personalized, valid messages from your bank or e-commerce company generally are.
- Don't use the links in an e-mail to go to a Web page if you suspect the message is not authentic. Instead, call the company or go to the company's Web site by typing the Web address (i.e., www.mybank.com) in your browser.
- Avoid completing forms in e-mail messages that ask for personal financial information. Communicate information such as credit card numbers or account numbers only via secure Web sites.
- Always ensure that you're using a secure Web site when submitting credit card or other sensitive information via your Web browser.
- A padlock icon should be displayed (most often in the lower right-hand corner of the browser).
- Double-click on the padlock icon to see who owns the security certificate. A fake certificate will either not have a certificate or be owned by an entity that appears to be unrelated.
- Do not click yes when you receive a pop-up box telling you that the Web site's "certificate" does not match the address being visited. Unfortunately, no indicator is foolproof; some fraudulent sites have forged security icons.
- Regularly log on to your online accounts. Don't wait more than a month before you check your accounts.
- Regularly check your bank and credit and debit card statements to ensure that all transactions are legitimate. If anything appears suspicious, contact your bank and all card issuers.
The Federal Trade Commission offers these suggestions:
Update your virus protection software regularly. Install updates for your operating system and other software programs to protect against intrusions and infections that can lead to the compromise of your computer files or passwords. You ideally should set your operating system and virus protection software to update automatically.
Do not open files, click on hyperlinks or download programs sent from people or companies you don't know. Be cautious about using file-sharing programs. Opening a file could expose your system to a computer virus or spy ware, which could capture your passwords or any other personal information as you type it.
Install a firewall program, especially if you use a high speed Internet connection such as cable, DSL or T-1. A firewall stops uninvited access to your computer. Without it, identity thieves can access your computer, retrieve your personal information stored on it and use it to commit other crimes.
Delete all personal information from your computer before disposing of it. Use a "wipe" utility program to overwrite your computer's entire hard drive
Do not store financial information on your laptop unless it is critical to do so. If you do:
- Use a strong password - a combination of letters (upper and lowercase), numbers and symbols.
- Don't use an automatic log-in feature that saves your user name and password
- Make sure you log off when you're finished. This helps keep your personal information secure if a thief steals your laptop.
- When forwarding spoofed messages, always include the entire original e-mail with its original header information intact.
- The Federal Trade Commission has an Identity Theft consumer report complaint form.
- Notify the FBI’s Internet Fraud Complaint Center
- The Social Security Administration
- U.S. Postal Service (ID Theft involving Mail)
Bank and other accounts:
Individuals who believe that one of their accounts has been stolen should verify the extent of damage and contact their financial institutions immediately.
Consumer Credit Counseling Service:
If fraudulent charges are discovered, the victim should call their local Consumer Credit Counseling Service at 800-388-2227 (or locate a regional bureau at www.nfcc.org for assistance in clearing false claims from his or her credit report.
AnnualCreditReport.com offers a once a year Free Report at https://www.annualcreditreport.com/cra/index.jsp
Credit Reporting Bureaus to place a fraud alert and to order a credit report:
Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware. Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning.
FNB Online and Secure Sign On
First National Bank in Pratt is proud to offer its' customers our safe and convenient online banking product, FNB Online. With Secure Sign On, we are better able to thwart thieves attempts to intercept our customers' financial information.
Secure Sign On adds another level of security to FNB Online, offering further protection from online fraudulent activity.
Secure Sign On protects you from identity theft and fraud in two ways:
- You will know you are in the right place: Secure Sign On provides you with visual cues when you sign on, so you know that you are on our Website and it is safe to enter information. This will help you protect yourself from fraudulent look-alike sites.
- We will know it’s really you:
Secure Sign On helps us ensure that only authorized individuals can access financial information using FNB Online
First National Bank in Pratt is pleased to bring you Deluxe Provent, an integrated suite of identity theft protection services that provides ID protection on all fronts, including: Prevention, Detection and Restoration. For more information just click on the Deluxe banner ad.