Kathleen G. Kane - Pennsylvania Office of Attorney General - Protecting Pennsylvanians


ASK THE ATTORNEY GENERAL: How can I tell the difference between e-mails from companies I do business with and scams trying to rip me off?

In today's world, identity thieves are so sophisticated that the e-mails they send look just like legitimate messages from banks and other businesses.  These con artists use hijacked corporate logos and deceptive spam to deceive consumers into giving out credit card numbers, personal identification numbers or passwords, and other personal or financial data. 

It's a scam called "phishing" because it baits consumers with fake messages, hoping to lure them into responding with passwords and other data.  These messages can be very convincing - often from an e-mail address that is similar to that of a legitimate organization or business. You may get a message from your internet service provider warning you that unless you update your billing information, you'll lose internet service.

Someone pretending to be your bank or credit card company may send a message saying your account has been compromised and you need to provide your PIN or Social Security Number to verify your information.  Another recent version of this scam comes in the form of a PayPal order 'confirmation' for a Dell computer purchase.  According to the message, unless you take action to cancel the transaction, your account will be billed hundreds of dollars.

These messages go to thousands of e-mail accounts every day, hoping to catch someone off guard.  Even people who don't have accounts with eBay, PayPal, and certain major financial institutions get messages purporting to be from those companies.  The surest way to tell fake messages from real ones is by remembering that no reputable company uses e-mail messages to ask for sensitive information.  You will never be asked for personal or financial information by companies you do business with through an urgent e-mail message.

How can I protect myself from this form of fraud?

  • NEVER reply to unsolicited e-mails or pop-up messages that ask for personal or financial information or ask you to "verify" data about your account.  Banks, credit card companies, and businesses like PayPal and eBay do not send requests for PINs or sensitive information to their customers.
  • Don't call any phone numbers contained in messages purporting to be from your bank or other companies you do business with.  Providing sensitive information to strangers by phone is as dangerous as sending it in an e-mail.  Also, don't open any links or documents contained in these messages - they may route you to a bogus website or download a virus onto your computer.

If you are not sure whether your bank or another company is trying to reach you, call the company directly at the telephone number on your card or monthly statement to speak with them.

What should I do if I've already responded to one of these messages?

  • If you sent information you thought related to an account you have with a particular business, call the company immediately to report the problem. 
  • Carefully review your account statements to look for unauthorized transactions.  Also consider getting a copy of your credit report to make sure there are no new accounts or credit in your name.  You can order one free copy of your credit report from each of the major credit bureaus every year by visiting www.annualcreditreport.com or calling 1-877-322-8228.
  • Alert your bank to the problem and check your account regularly.

Download the Identity Theft Toolkit from www.attorneygeneral.gov and follow the tips and advice provided.