|
Phishing attacks are growing quite sophisticated and difficult
to detect, even for the most technically savvy people.
And many people are getting onto the Internet and using
email or Web browsers for the first time. As a result,
some people are going to continue to be fooled into giving
up their personal financial information in response to
a phishing email or on a phishing website. If you have
been tricked this way, you should assume that you will
become a victim of credit card fraud, bank fraud, or identity
theft. Below is some advice on what to do if you are in
this situation (note - some of this information is specific
to United States federal laws):
|
|
| If you have given out your credit or debit or ATM card
information |
- Report the theft of this information to the card issuer
as quickly as possible
- Many companies have toll-free numbers and 24-hour
service to deal with such emergencies.
- Cancel your account and open a new one
- Review your billing statements carefully after the
loss
- If they show any unauthorized charges, it's
best to send a letter to the card issuer describing
each questionable charge.
- Credit Card Loss or Fraudulent Charges (FCBA).
- Your maximum liability under federal law for
unauthorized use of your credit card is $50.
- If the loss involves your credit card number,
but not the card itself, you have no liability
for unauthorized use
- ATM or Debit Card Loss or Fraudulent Transfers (EFTA).
- Your liability under federal law for unauthorized
use of your ATM or debit card depends on how quickly
you report the loss.
- You risk unlimited loss if you fail to report
an unauthorized transfer within 60 days after your
bank statement containing unauthorized use is mailed
to you
|
| If you have given out your bank account information |
- Report the theft of this information to the bank as
quickly as possible
- Cancel your account and open a new on
|
| If you have given out your eBay account |
|
If someone else is using your account to bid, leave feedback, or list
auctions without your permission:
- Contact eBay
- eBay has set up a link for HIJACKED ACCOUNTS
- If someone is currently listing auctions on
your account, you may also use the hotline options:
- Member Problems... Law Enforcement... Please
Investigate a Current Listing for Possible
Fraudulent Activity
- Please only use this option if there are current
fraudulent auctions.
- Attempt to sign in and change your password
- If you are able to sign in, change your password
and hint immediately, and begin to undo any damage
done by the hackers
- remove any bogus auctions, contact bidders
and sellers, etc.
- If you were unable to regain control of your
own account, eBay will likely suspend it for a
while until they complete their investigatio
|
| If you have downloaded a virus or Trojan |
|
Some phishing attacks use viruses and/or Trojans to install programs
called "key loggers" on your computer. These programs capture
and send out any information that you type to the phisher, including
credit card numbers, usernames and passwords, Social Security Numbers,
etc. In this case, you should:
- Install and/or update anti-virus and personal firewall
software
- Update all virus definitions and run a full scan
- Confirm every connection your firewall allows
- If your system appears to have been compromised, fix
it and then change your password again, since you may
well have transmitted the new one to the hacker
- Check your other accounts! The hackers may have helped
themselves to many different accounts:
- Check your eBay account, PayPal, your email ISP,
online bank accounts, online trading accounts,
Amazon.com and other e-commerce accounts, and everything
else for which you use online password
|
| If you have given out your personal identification
information |
|
Identity theft occurs when someone uses your personal information such
as your name, Social Security number, credit card number or other identifying
information, without your permission to commit fraud or other crimes.
If you have given out this kind of information to a phisher, you should
do the following:
- Report the theft to the three major credit reporting
agencies, Experian, Equifax and TransUnion Corporation,
and do the following:
- Request that they place a fraud alert and a victim’s
statement in your file.
- Request a FREE copy of your credit report to
check whether any accounts were opened without
your consent.
- Request that the agencies remove inquiries and/or
fraudulent accounts stemming from the theft.
- Major Credit Bureaus
- Equifax - www.equifax.com
- To order your report, call: 800-685-1111
or write: P.O. Box 740241, Atlanta, GA 30374-0241
- To report fraud, call: 800-525-6285 and
write: P.O. Box 740241, Atlanta, GA 30374-0241
- Hearing impaired call 1-800-255-0056 and
ask the operator to call the Auto Disclosure
Line at 1-800-685-1111 to request a copy
of your report.
- Experian - www.experian.com
- To order your report, call: 888-EXPERIAN
(397-3742) or write: P.O. Box 2002, Allen
TX 75013
- To report fraud, call: 888-EXPERIAN (397-3742)
and write: P.O. Box 9530, Allen TX 75013
TDD: 1-800-972-0322
- Trans Union - www.transunion.com
- To order your report, call: 800-888-4213
or write: P.O. Box 1000, Chester, PA 19022
- To report fraud, call: 800-680-7289 and
write: Fraud Victim Assistance Division,
P.O. Box 6790, Fullerton, CA 92634 TDD: 1-877-553-7803
- Notify your bank(s) and ask them to flag your account
and contact you regarding any unusual activity:
- If bank accounts were set up without your consent,
close them.
- If your ATM card was stolen, get a new card,
account number and PIN.
- Contact your local police department to file a criminal
report.
- Contact the Social Security Administration’s Fraud
Hotline to report the unauthorized use of your personal
identification information.
- Notify the Department of Motor Vehicles of your identity
theft.
- Check to see whether an unauthorized license
number has been issued in your name.
- Notify the passport office to be watch out for anyone
ordering a passport in your nameFile a complaint with
the Federal Trade Commission.
- Ask for a free copy of "ID Theft: When Bad
Things Happen in Your Good Name", a guide
that will help you guard against and recover from
your theft.
- File a complaint with the Internet Fraud Complaint
Center (IFCC)
- http://www.ifccfbi.gov/index.asp
- The Internet Fraud Complaint Center (IFCC) is
a partnership between the Federal Bureau of Investigation
(FBI) and the National White Collar Crime Center
(NW3C), with a mission to address fraud committed
over the Internet.
- For victims of Internet fraud, IFCC provides
a convenient and easy-to-use reporting mechanism
that alerts authorities of a suspected criminal
or civil violation.
- Document the names and phone numbers of everyone you
speak to regarding the incident. Follow-up your phone
calls with letters. Keep copies of all correspondence.
|
| For More Information |
|
For more information, check some of the following sources:
Identity Theft Help Sites:
- http://www.consumer.gov/idtheft/
- http://www.identity-theft-help.us/
- http://www.identitytheft.org/
- http://www.usdoj.gov/criminal/fraud/idtheft.html
- http://www.ifccfbi.gov/index.asp
- http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm
For more information about how to protect yourself, see
our Fact Sheet 17a Identity Theft: What to do if It Happens
to You at www.privacyrights.org/fs/fs17a.htm.
Read the information and tips put out by the Federal Trade
Commission about phishing at www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm.
Read the Department of Justice's recent whitepaper "Special
Report on Phishing" at http://www.antiphishing.org/DOJ_Special_Report_On_Phishing_Mar04.pdf |
