Don't take the bait!

  • Published
  • By Master Sgt. Cassandra L.Dyer
  • 48th Communication Squadron
If you received an email that told you, they will take all your money if you click on their web link, would you do it. Of course not!

So why do so many people get their identification stolen and lose all their savings? One way is through "phishing," a variation on "fishing." The idea being that bait is thrown out with the hopes that some will be tempted into biting. Even if a scam artist sends out 10,000 phishing attempts and only 2 people fall for it, that is still a lucrative scam.

If you have a personal email account, you probably have seen these types of emails. An official looking email informs you that your account may have been accessed by an unofficial third party and it is urgent you click on the URL provided to confirm/update/verify your account data. Now if you are foolish enough to follow the link, it takes you to a website that looks just like the official website you have been to before. Here is an example of a site that has been spoofed to look like Bank of America Military Banking.

The less knowledgeable person may think, the site knows what number my card starts with, so it must be okay. Every credit card belonging to Bank of America starts with the same number. For Visa and MasterCard, the first six numbers are the Bank Identification Number. The next nine digits are the individual account number and the last digit is the validity check code. No credit card company will ever ask you to verify your credit card number and expiration date in this manner. They also will never ask you for your PIN. If you give this information away, kiss your fortunes goodbye!

The way a phishing fraud works is the culprit sets up of a website to mirror a real website. Everything on the website looks just like what you are used to seeing when you visit the original website. Everything, that is, except the web address. The address is usually very similar in an attempt to gain your trust.

If you ever have any doubt, do not click on the web link provided. Instead, manually type in the website you know to be true. If the message were real, it would be on their home page. If you do not know the web site, call the number on the back of your card for more information. Many of the automated phone services will cite the website while you are queuing. Protect your identity by following these simple steps. 

1. If you suspect an e-mail may be phishing, contact the organization's customer support center immediately. Only call the number found on your credit card statement or the back of your card. Voice phishing is another way to steal your information by giving you a false number to call. 

2. Be very skeptical of "urgent" messages that require you to enter confidential information. Never click on the URL link provided until you feel confident it's legit. 

3. Keep your Internet browser software up to date and use an anti-virus and anti-spam product. 

4. Check your online account balances and transactions regularly for any discrepancies. Do not wait for your monthly reconciliation.

Another way of protecting yourself is by keeping up on your credit report. The Fair and Accurate Credit Transactions Act of 2003 allows consumers to request an annual credit report without any cost or gimmicks. Go to https://www.annualcreditreport.com to request reports from all of the nationwide consumer credit reporting companies.

NOTE: This website will only work within the United States or from a government computer. There are websites out there claiming to be free, but in the end, they are not, so be careful. Since you can only request a free report from each company once every 12 months, you may want to spread out your request.

There are three consumer credit reporting companies so consider requesting a report every 4 months using a different company each time. You may find minor differences between the consumer credit reporting companies, but all three companies are vigilant.