Frequently Asked Questions

  1. What is phishing?
    Phishing (pronounced “fishing”) refers to fraudulent communications designed to deceive customers into divulging personal, financial or account information. These scams come in different forms and are evolving regularly, such as e-mails that provide a link to a fraudulent site, inviting the recipient to enter personal information. In addition, several computer viruses have recently been used in an effort to silently capture information from infected machines. This underscores the importance of ensuring that your computer is fully patched, per the manufacturer’s instructions. Back to Top
  2. What does phishing look like?
    The nature of phishing schemes has evolved and is likely to continue to do so in the future. Currently, online/e-mail phishing is best described by the following characteristics:
    1. E-mails using company logos and familiar language reporting a problem and asking you to update your account information by prompt return e-mail or by filling out a website form.
    2. HTML links in e-mails that may resemble those of a legitimate business and direct you to websites that use company logos or otherwise appear to be authentic.
    3. E-mails with attachments asking you to install software so that fraudsters can use it to record your key strokes and online activity.
    4. E-mails that contain typographical or grammatical errors.
    5. Windows that pop up over a legitimate company’s website asking you to enter personal information. Back to Top
  3. How does phishing work?
    Phishing works by making an e-mail or web site appear to be legitimate, thereby providing potential victims with a false sense of security, while simultaneously creating a sense of urgency for immediate action to prevent cancellation of an account. Back to Top
  4. How do I protect myself?
    1. Consider whether the company would be likely to ask you for the kind of information being requested. Keep in mind, you do not need to give a company with which you have a business relationship your personal information. The company should maintain that information in their secured records. If you are at all in doubt about the authenticity of the communication, do not respond to the information request. Instead, contact the company through familiar communication channels (e.g., the phone number provided on your billing statement or credit card).
    2. Do not click on a link in an e-mail when you are not sure of its legitimacy, even if it looks genuine.
    3. If you feel your American Express account information has been compromised, please contact American Express immediately by calling the number on the back of your card. Or, for a list of phone numbers, please click here.
    4. Avoid e-mailing personal and financial information.
    5. Never open e-mail attachments from unknown sources and delete the e-mail in question immediately.
    6. Regularly review your account statements.
    7. Do not share IDs/user names and passwords.
    8. Change your passwords regularly.
    9. Install the latest anti-virus and firewall applications to your computer.
    10. Follow your computer manufacturer’s recommendations to ensure that your computer is current on its patches. Refer to your computer’s documentation or user’s manual for further information. Back to Top
  5. Where do I find more information on how to protect my personal and financial data?
    1. The Department of Justice and FBI provide useful additional resources to help you protect yourself against identity theft and credit card fraud:
      1. What is Identity Theft?
      2. Prevent Credit Card Fraud
    2. The Federal Trade Commission provides useful resources:
      1. “How Not to Get Hooked by the ‘Phishing’ Scam,” published by the Federal Trade Commission in July 2003, available at http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm.
      2. “ID Theft: When Bad Things Happen to Your Good Name,” published by the Federal Trade Commission in September 2002, available at http://www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm.