Phishing

Phishing

What is phishing?

Phishing refers to scams that attempt to trick consumers into revealing personal information, such as bank account numbers, passwords, payment card numbers, or Social Security numbers. These scams can be done by phone, email, regular mail and even via text message. In addition to seeking bank information, phishers may also try to obtain your ATM PIN or any other bits of data that can help them build a more complete profile from which they can operate in your name.

Most commonly, phishers target unsuspecting users with fake Internet sites or email messages that look legitimate. This is sometimes referred to as "spoofing." Scammers also may leverage social networking sites, where users are already accustomed to sharing information with others.

How does phishing work?

Phishing emails and websites typically use familiar logos and graphics to deceive consumers into thinking the sender or website owner is a government agency, bank, retailer or other company they know or do business with. Sophisticated phishers may include misleading details, such as using the company CEO's name in the email "from" field. Another common phishing tactic is to make a link in an email (and the fake website where it leads) appear legitimate by subtly misspelling URLs or changing the ".com" to ".biz" or another easily overlooked substitution.

Some phishing scams even lure victims by telling them that their information has already been jeopardized. For example, potential victims may receive an email that appears to come from a major bank warning that their account has recently been exposed to fraudulent activity. Users are asked to click a link within the message so they can "confirm" their bank account information. Instead of going to the bank's legitimate website, however, victims are taken to a clever lookalike, where their information actually is routed to the scammer.

If you receive any message asking you to confirm account information that has been "stolen" or "lost" or encouraging you to reveal personal information in order to receive a prize, it may be a form of phishing.

It's important for consumers to know that Visa will not call or e-mail cardholders to request their personal account information, and Visa call centers do not initiate outbound telemarketing calls.

How can Visa help protect me from phishing?

Visa and the Better Business Bureau have launched a campaign to educate consumers on how to identify phishing scams, avoid becoming a victim, and report suspicious emails. The campaign strategies include:

  • Working with Visa card issuers to provide cardholder statement inserts
  • Issuing consumer and business alerts through local Better Business Bureaus
  • Encouraging merchants that are active on BBBOnLine and other BBB members to link from their websites to anti-phishing resources on the bbb.org site

You can learn about the other ways Visa is committed to ensuring your safety by reading the Visa Security Program.

How can I reduce my risk of phishing?

Always view any phone or email requests for financial or other personal information with suspicion, particularly any "urgent" requests. When in doubt, do not provide any information without first verifying the legitimacy of the request by calling the number printed on the back of your payment card. Find more tips for protecting yourself elsewhere in this section and on our security microsite: www.VisaSecuritySense.com.

Where can I learn more?

Learn about the latest variations of phishing and similar scams by following us on Twitter @VisaSecurity. Additional phishing resources are available on the Better Business Bureau and Call For Action sites. Read here about more ways for you to Get Help Now from Visa.

Did You Know?

Visa's best-in-class screening tools detect fraud in real time, 24/7.
Learn more >