Among e-mails from friends, family, and colleagues, you may have seen something like this:

“Dear valued Bank X customer, we’ve reviewed your account and discovered an inaccuracy in your information. Please follow the link below to verify your account . . .”

Sound legitimate? It probably isn’t. Chances are you’ve just been hit by a phishing scam. These scam artists try to con you to hand over your sensitive personal data via spam e-mails or pop-up windows. Phishing scams are designed to deceive unsuspecting people into disclosing valuable personal information, such as credit card numbers, account data, social security numbers, and passwords. Most often, they appear to be a genuine notice from a trusted source.

If you get such a message, know that there is nothing personal behind it. You are not being specifically targeted. You are one of thousands who likely get the same message. That’s why it’s called “phishing”; the scammers are putting out their nets, in a sense, to see who bites.

You may think you won’t get caught, but scams are becoming increasingly more professional and target more and more people. Many are now taking the actual logos of the sites they pretend to be from, while they brazenly put in a disclaimer claiming that fraudulent use of the Internet is a crime!

There are simple precautions you can take to make sure that you do not become a victim. If you notice any of these “red flags,” think twice before handing out information:

• The e-mail contains urgent requests for personal financial information, or to reconfirm existing information, and either asks you to follow a link or to fill out a form in the e-mail.
• The message uses scare tactics to convince you that your security is being threatened.
• The message is addressed “Dear customer,” or some other impersonal greeting.
• The message is from a bank or Web site you do not do business with.
• The message appears to be from somewhere you do transact business with. Scammers often use well-known entities, such as leading Web sites or big credit card issuers, assuming there is a high probability that the owner of a random e-mail account uses that particular company.
• The message has misspelled words and punctuation errors, or does not use correct English. (Many phishers operate outside the U.S.)

If you suspect the site is not secure, do not enter any credit card numbers or account information. You can identify a secure Web site by its address. A secure source will begin “https” rather than just “http.” Please note: This is not a fail-safe method. Some hackers have learned to forge the security “s.”

So what if you get a message and it still looks genuine? Continue to exercise caution. Some ways to avoid being lured in:
 

• Never click on the link in the e-mail. Go to the site in question yourself and log into your account from there.
• Mouse over the link in the e-mail; some Internet browsers show you at the bottom of the screen where the link goes to. Again, this is not a foolproof method either. Scammers are getting more sophisticated in “spoofing” legitimate Web sites’ addresses.
• Review credit card and bank statements regularly. Look for any suspicious transactions.
• Be cautious of attachments, regardless of who sent them.
• Don’t give out personal financial information unless you’re on a secure Web site.
• Install anti-virus software and keep it up-to-date.
• Avoid e-mailing personal financial information. E-mail is not a secure method of communication. Most banks will never ask you to submit personal information this way.
• Call your bank or credit card company to double-check that the message is legit.
• Alternately, forward the message on to the Web site in question for their opinion. Many, such as Amazon, eBay, and numerous banks, have phishing or “spoofing” departments to determine legitimate e-mails from fake ones.
• Don’t fall for warnings that you must respond within 24 hours, or some other accelerated time frame, in order to keep your account open.

If you are unsure if the message is valid, contact the company it was sent from (use the phone number listed on their official Web site—never what the e-mail provides). If you suspect you’ve been scammed, notify the bank or credit card company that you think you provided account information for, as well as the company targeted in the e-mail. This is to prevent your information from being used maliciously. To prevent this scammer from striking others, contact the Federal Trade Commission at www.ftc.gov and file a complaint. Your next step is to visit the FTC’s Identity Theft Web site at www.consumer.gov/idtheft—victims of phishing may be especially vulnerable to identity theft.

It’s much easier to prevent yourself from becoming a phishing victim, than it is to resolve the problems once they occur. Use caution when forging your way through the Web, and you may not be caught by phishers.

Gary Williams is President of Williams Asset Management in Columbia, MD. He is also a registered representative of Commonwealth Financial Network—a member firm of the NASD/SIPC. He can be reached at (410) 740-0220 or at gary@williamsassetmanagement.com.