How Do Phishing Scams Work?

Phishing scams may take many forms, but they usually start with an e-mail, instant message or pop-up window asking you to update your personal information. One of the following often accompanies this request:

A threat or warning that failure to update your information will result in the closure of an account or cancellation of a subscription
An offer of a prize or some other form of financial compensation
A note that you have received pictures or an instant greeting
A confirmation of an online purchase

Phishing attempts may masquerade as official notifications from reputable companies, such as your bank, your credit card company, or even AOL. The message will usually encourage you to click on a link that takes you to a "copycat" Web site designed to look identical to a legitimate site. Such copycat sites are also known as "spoofed" sites.

Once at the spoofed site, you may be asked to enter your screen name or username and password, your credit card number and expiration date, your Social Security number, or other personal information. Entering this information can give the phisher access to your account to send spam, steal your identity, make fraudulent purchases or otherwise use your identity.

If you believe you have given away your screen name and password:
Change your password immediately.

If you believe you have given away your billing information: First, notify the bank or other business that holds your account. Then visit the FTC's National Resource for Identity Theft Web site at


How to Help Avoid Phishing Scams

1. Be suspicious of any e-mail or other message containing an urgent request for your personal information.

Phishing scams typically include upsetting or exciting (but false) statements to encourage victims to act immediately. They typically ask for information like screen names or other usernames and passwords, credit card numbers, Social Security numbers and more.

2. Even if you think a request for information may be legitimate, don't click the links in the e-mail to visit a Web site.

Sometimes links can be disguised to look like they're taking you to a real site, when they're actually taking you to a scam site. Instead of clicking a link, type the Web site's address by hand to ensure that you go to the company or organization's real site.

If the request for information is coming from a company or organization with whom you have a relationship, call them directly to confirm whether they actually need the information and, if so, whether you can provide it over the telephone.

3. Be extremely careful if you share personal or financial information online.

Never provide sensitive information via e-mail or instant message. Providing this information via a Web site is acceptable only if you are certain that the site is legitimate, and the site is secured (see below for additional info).

4. If you submit information to a Web site, make sure the site is secure.

Look for the "lock" icon on the status bar at the bottom of your browser window. The lock icon typically appears in the lower right-hand corner of the browser window. In addition, check the beginning of the URL or Web address - if it starts with "https://," rather than just "http://," you're on a secure server.

5. Review credit card and other account statements regularly.

If you see anything suspicious, contact your banks and all your credit card issuers immediately. If your statement is late by more than two or three days, call your credit card company or bank to confirm your billing address and account balances.

6. Keep your operating system and Web browser up to date.

To update your Windows® operating system and your Internet Explorer® browser, go to
Follow the instructions there to check for updates, then download and install any critical updates.

7. Install and run anti-virus software and update it frequently.

No matter which anti-virus program you use, make sure you keep it up-to-date, or it will provide less and less protection over time. Instructions for updating your software should be included in your program's manual or help area. You can also check the program manufacturer's Web site for instructions.

8. Run Spyware Protection software regularly.

Programs such as Spybot Search and Destroy and SpywareBlaster will help get and keep you free of spyware.  And they're free, too!  For more info and software, check here.

9. Run firewall software on your computer.

A firewall is your computer's first line of defense against harmful attacks from the Internet. If you have a broadband connection, use firewall software to hide your computer from hackers and help protect it from destructive computer trojans and worms.
One of the best firewalls you can get has a free version -- get Zone Alarm here.

10. Report any phishing scams you receive to the following organizations.

Report e-mail phishing scams to AOL by clicking the "Report Spam" button at the bottom of the AOL mailbox or use the Report Spam icon at the right when you are reading the message.
Forward the scam e-mail to the company featured in the e-mail if it is a legitimate company.
Forward the entire e-mail to the Federal Trade Commission at