Unscrupulous e-mail transmissions are being sent that are designed to fool the individual into believing that they have received a legitimate offer or information request and elicit a response. Known as phishing, these devious e-mails are used to lure victims into revealing their personal financial data. Basically, these online criminals use these e-mail transmissions as the bait when “fishing” for ways to steal your money, credit and even your identity.

The Scam

By disguising the e-mail message to look like a legitimate communication from a well-known company, the sender seeks out personal information such as your social insurance number, your address, bank account numbers, passwords or credit card numbers. The e-mail might ask you to review your account with a warning that failure to do so will result in future problems or even cancellation of services. Sometimes the e-mail will promote an attractive contest for which you must complete an online form.

To ensure that the offer looks credible, the thieves have gone so far as to include an e-mail link to “look alike” websites that imitate the real organization's logo and format. The phony site may look credible but, in reality, the site is controlled by criminals.

Sometimes the scam is in the form of an e-mail that masquerades as a request from your financial institution. To motivate a response, the e-mail may caution that your credit line is going to be cut or services terminated if the requested information is not provided immediately by clicking on the link and completing an online form. Given today's busy schedules, many times the victims will quickly fill in the electronic form simply to get rid of the problem without further investigation of the legitimacy of the e-mail request.

How Can You Protect Yourself?

Since you would not reveal personal, financial and private information to just anyone who asks, do not provide this information online.

To protect your privacy, money and identity:

• Be wary of any e-mail that looks suspicious or out of character.
• Do not respond to e-mailed requests for personal and financial information.
• Do not use the link provided in a suspicious e-mail or complete an online electronic file.
• Call the company or the financial institution to verify that the information request was sent by e-mail. Do not use the telephone number provided on the e-mail as it too could be phony.
• If the request is legitimate, go directly to the company or institution's website and log on there. Type in the website in your browser. Do not use a link that has been provided in an e-mail.
• If an e-mail request for personal information appears to be sent from a representative that you know, send a separate e-mail to that person confirming that the request is legitimate. Do not click on reply. Better still, call that person directly.
• If you must transmit sensitive information online, make sure the website is secure.
• Do not send e-mails containing sensitive personal, financial or private information unless you know it is safe, e.g., use encryption.

If you have responded to an e-mail request for personal information that turns out to be phony, take immediate action:

• Report the crime to your local police immediately.
• Contact your financial institution and change all your PINs, access codes and passwords.
• Contact the credit bureaus. Call directly or go to their websites:
  • Equifax Canada at www.equifax.com
  • TransUnion Canada at www.tuc.ca.

Phishing is yet another spin on fraud and identity theft. Take extra precautions before responding to any e-mail that requests sensitive financial and personal information.