Charles H. Bronson, Commissioner - LuAnn Stiles, Director

• Department Home
• Consumer Services Home
• About Us
• Info For Consumers
• Regulated Programs
  Info For Businesses
• Register Online
• File a Complaint
• A-Z Resource Guide
• Gift Givers' Guide
• Consumer E-Newsletter
• Florida's Lemon Law
• Florida Do Not Call List
• Price Gouging
• Publications
• LifeSmarts
• Contact Us
• Search
• Public Meetings, Hearings, or Workshops
• Select a Division

Phishing - Don't take the Bait

Phishing is a high-tech scam that uses spam, pop-up messages and emails to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.

According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with – for example, your Internet service provider (ISP), banks, online payment service, or even a government agency. The message usually says that you need to “update” or “validate” your account information. It might threaten some dire consequence if you don't respond. The message directs you to a Web site that looks just like a legitimate organization's site, but it isn't. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.

The FTC, the nation's consumer protection agency, suggests these tips to help you avoid getting hooked by a phishing scam:

• Don't click on the link. If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct web address. In any case, don't use the link in suspected “phishing” message.
• Don't email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's Web site, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a web site that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
• Be aware. Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
• Be protected. Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It's especially important to run a firewall if you have a broadband connection. Finally, your operating system (like Windows or Linux) may offer free software “patches” to close holes in the system that hackers or phishers could exploit.
• If you think you've been hooked. If you have recently shared your credit card or bank account information in response to an unsolicited email you should notify your credit card company or bank immediately and discuss whether you should cancel your accounts. In any event, you should carefully monitor your accounts. If you provided your Social Security number, you should contact one of the three national consumer reporting agencies, ask that a fraud alert be placed on your accounts and obtain copies of your credit reports. You also should visit the FTC's Identity Theft Web site to file a complaint.

The links below are for your information only. The goal of the Division of Consumer Services is to provide information to consumers and additional web sites that will better inform you. The Florida Department of Agriculture and Consumer Services does not review or confirm these sites for accuracy.

Anti-Phishing Working Group
The Anti-Phishing Working Group (APWG) is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing and email spoofing of all types.

Federal Trade Commission (FTC)
Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to spam@uce.gov . If you believe you've been scammed, file your complaint with the FTC.

Group Warns Consumers Not to Take the Bait in Phishing Scams (8/18/2004) Identity thieves are using a new scheme dubbed “phishing” to trick people into providing their Social Security Numbers, financial account numbers, passwords, PIN numbers, and other personal information, and anyone with a telephone or email can be a victim, warns the National Consumers League (NCL) .

Identity Theft, How to Avoid
Did you know that your personal information can be stolen?  It's hard to believe, but if you aren't careful with your personal information you may be an easy target for identity theft.  Review this brochure to see how you can avoid becoming a victim of identity theft! (¡Español!)

Back to Top

updated 12/22/04