How to Avoid Online
“Phishing” is a fraudulent technique used by online impostors to “fish” for, or lure you into supplying, your financial account credentials or personal information.
How phishing may occur
Typically, a phishing scam begins with the delivery of an unsolicited “spoof” e-mail message claiming to be from a bank or online merchant, with a subject line such as “Important Security Issue,” “Account Verification Required” or “Update Account.” The message directs you to a web page and asks you to enter your bank account or credit card account number, account password, Social Security number or other information to verify your identity. However, the web page is not actually associated with the bank or online merchant — it’s on a counterfeit replica site.
Occasionally, a spoof e-mail message may ask that you download a file attachment — a tactic to plant a computer virus, spyware or other software on your computer to collect financial account credentials or personal information.
How to avoid phishing scams
First, know that First Command Bank will never ask for sensitive financial or personal information, such as account numbers, passwords and Social Security numbers, in an unsolicited e-mail message. (Learn more about avoiding e-mail fraud.)
In addition, do not reply to or comply with any e-mail message that:
- Asks you to enter sensitive financial or personal information (account number, User ID, password, Social Security number) directly into the e-mail or on a non-secure web page
- Asks you to confirm or refresh your bank account, credit card or billing information
- States that your account has been compromised or that there has been third-party activity on your account, and asks that you enter or confirm your account information
- States that there are unauthorized charges on your account and asks that you enter or confirm your account information
- Threatens to close or suspend your account if you do not immediately supply the requested information
- Solicits your participation in a survey where you are asked to enter sensitive financial or personal information
To report suspicious e-mail messages
If you receive an e-mail message claiming to be from First Command Bank and you are uncertain about its authenticity, call us a 888.763.7600. You may also report suspicious e-mail messages to email@example.com.
If you believe you’ve been the victim of a phishing scam
Any action you take in compliance with a spoof e-mail request may compromise the security of your account or your computer. If you have taken any action in compliance with a fraudulent e-mail, or should you believe that your account has been otherwise compromised:
- Carefully review your account transaction detail now, and on a regular basis, through OnCommand
- Immediately report any fraudulent transactions by calling 888.763.7600 or via e-mail to firstname.lastname@example.org
- Change your OnCommand password from an uninfected PC
- Run a virus scan and spyware detection scan on your PC, and clean up any programs that are detected
- Change your OnCommand password again
To learn more about phishing, read the Federal Trade Commission report, “How Not to Get Hooked by a Phishing Scam.”