 |
 |
 |
| What is phishing? |
|
 |
Phishing (pronounced "fishing") refers to fraudulent communications designed to deceive consumers into divulging personal, financial, or account information. |
|
|
Phishing emails often appear to come from legitimate financial institutions or retailers. |
|
|
Such requests may ask for information including account numbers, passwords, user names or social security numbers. |
|
|
These fraudulent emails often create a false sense of urgency intended to provoke the recipient to take immediate action; for example, phishing emails frequently instruct recipients to "validate" or "update" account information or face cancellation. In addition, marketing offers may also be used for attempted phishing. |
|
|
Phishers use a variety of techniques, which may include false "From" addresses, authentic-looking logos, or Web links and graphics. These techniques mislead consumers into believing that they are dealing with a legitimate request for sensitive information. |
|
|
Attachments within an email can also facilitate phishing. Do not open attachments in unfamiliar emails, as they may place programs known as “key stroke loggers” on your PC, which capture keystrokes you make (including when you logon to a site and enter your password). The data obtained can then be used to commit fraud. |
|
|
| back to top |
|
| What does phishing look like? |
|
| The nature of phishing schemes has evolved and is likely to continue to do so in the future. Currently, online/e-mail phishing is best described by the following characteristics: |
|
|
E-mails using company logos and familiar language reporting a problem and asking you to update your account information by prompt return e-mail or by filling out a website form. |
|
|
E-mails with attachments asking you to install software so that fraudsters can use it to record your key strokes (called Keystroke Logging) and online activity. |
|
|
E-mails that contain typographical or grammatical errors. Spelling errors allow fraudsters to bypass spam filters used by Internet Service Provides (ISP’s). |
|
|
Windows that pop up over a legitimate company's website asking you to enter personal information. |
|
|
| back to top |
|
| How does phishing work? |
|
| Phishing works by making an email or web site appear to be legitimate, thereby providing potential victims with a false sense of security. The email or website requests the recipient to provide sensitive information, which may later be used to commit fraud, whether it be Identity Theft, or purchasing goods using your card information. |
|
| back to top |
|
| How do I protect myself? |
|
| Consider whether the company would be likely to ask you for the kind of information being requested. If you are at all in doubt about the authenticity of the communication, contact the company through familiar communication channels (e.g., the phone number provided on your billing statement or credit card). |
|
|
Do not click on a link in an e-mail when you are not sure of its legitimacy, even if it looks genuine. If you are at all in doubt, contact the company directly. See How American Express protects your privacy. |
|
|
Avoid e-mailing personal and financial information. |
|
|
Never open e-mail attachments from unknown sources and delete the e-mail in question immediately. |
|
|
Regularly review your account statements. |
|
|
Do not share IDs/user names and passwords. |
|
|
Change your passwords regularly. |
|
|
Be aware that other Internet companies that you do business with may be phished. If you pay an online service and/or have your credit card on file with an Internet based company, be cautious of emails from such companies that request you validate your credit card or checking account numbers. |
|
|
Install the latest anti-virus and firewall applications to your computer. |
|
|
Follow your computer manufacturer's recommendations to ensure that your computer is current on its patches. Refer to your computer's documentation or user's manual for further information. |
|
|
If you feel your American Express account information has been compromised, please contact American Express immediately by calling the number on the back of your card. Or, for a list of phone numbers, please click here. |
|
|
|
| back to top |
|
| Where do I find more information on how to protect my personal and financial data? |
|
| American Express provides useful additional resources to help you protect yourself against identity theft and credit card fraud. To learn more, visit Protect Your Identity. |
|
|
|
| The Federal Trade Commission provides useful resources: |
|
|
"How Not to Get Hooked by the 'Phishing' Scam", available on the Federal Trade Commission website at www.ftc.gov |
|
|
"Take Charge: Fighting Back Against Identity Theft", available on the Federal Trade Commission website at www.ftc.gov |
|
|
| back to top |
|
| How do I report suspected phishing attempts? |
|
| If you receive an e-mail that you believe could be fraudulent, immediately forward it to Anti.Phishing.Team@aexp.com It is strongly recommended that you file a report at www.fbi.gov, www.ftc.gov or www.antiphishing.org. |
|
| back to top |
|
