IDENTITY THEFT: Fishing is legal, Phishing is not
By Walter E. Stewart, Jr., Executive Vice President & COO
Legal Mutual Liability Insurance Society of Maryland

What in the world is phishing? No, it’s not a misspelled word that my spell checker missed, but it is one of those newfangled words that relate to the wonderful computer era in which we now live. Phishing is a crime in which someone using a computer or telephone attempts to obtain from you information that will allow them to use your credit cards and/or bank accounts. Obviously, the goal is to get your money from your pocket into their pocket! Phishing is very much a part of “Identity Theft” which is a rapidly growing concern. The Federal Trade Commission (FTC) says, “Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.” The telephone contact is also used.

Phishers, as they are coming to be known, will send you an e-mail or call you on the telephone, pretending to be from a reputable establishment, and usually one with whom you do business. Their e-mail will often contain what appears to be a very proper corporate logo and they provide return e-mail addresses or web site links with the reputable establishment’s name in the address.

Phishers are very sneaky. They will discuss issues with you in a very professional manner and tell you:

  • there has been a serious problem with someone trying to access your account;
  • your account may have been compromised and they need to verify some information;
  • someone you don’t know has been authorized to use your account; or
  • if you don’t update your account information your account will be suspended or cancelled.

They may ask that you give them the three digit code on the back of your credit card simply to confirm that you are in actual possession of that card, or they might ask you to dial a certain telephone number while they stay on the line. The three digit code on the back of your credit card is a security code number which could allow them to use your credit card, and the number they ask you to dial on the telephone is a code that will allow them to charge long distance telephone calls to your account. They provide a return e-mail address link or web site link that always looks very legitimate, again with all the proper corporate logos, and will ask you to complete some form related to the bogus problem they’ve told you about, and again ask for information that will allow them to use your credit cards and/or bank accounts.

Identity theft is serious big crime business, so please don’t take it lightly. We here at Legal Mutual have already encountered phishing scams claiming to represent Internet service providers; Internet payment services; major credit card companies; Internet sales companies; local banks; and telephone companies.
In all cases either Legal Mutual or the employee contacted had an active account with the company that the phishers claimed to be representing. They appear professional, well mannered and very legitimate – BUT THEY ARE CRIMINALS, and should be taken very seriously as such. Remember, most legitimate businesses will never e-mail or telephone you about account problems, and they never ask for sensitive information over the telephone or via e-mail.

What should I do if I’m contacted by one of these phishing scams?

  1. NEVER GIVE ANY SENSITIVE INFORMATION OVER THE TELEPHONE.
  2. NEVER DIAL A REQUESTED TELEPHONE NUMBER WHILE ANOTHER PARTY STAYS ON THE LINE.
  3. NEVER GIVE ANY SENSITIVE INFORMATION TO AN E-MAIL PROVIDED LINK.
  4. HANG UP OR LOG OFF AND CONTACT THE COMPANY DIRECTLY THROUGH NORMAL CHANNELS – NOT – THROUGH THE PROVIDED CONTACT LINK to ascertain if there really is a problem; however, there usually is not.
  5. PRINT A COPY OF THE E-MAIL THEN DELETE IT. Printing a copy will allow you to report accurately the information contained in the e-mail to the company, FTC and FBI security personnel.
  6. IF YOU REALIZE YOU HAVE GIVEN SENSITIVE INFORMATION TO A PHISHING SCAM OVER THE TELEPHONE, OR VIA THE INTERNET, CONTACT THE COMPANY ON YOUR OWN AND REPORT WHAT HAPPENED IMMEDIATELY! ALSO, SEE BELOW FOR FURTHER INSTRUCTIONS ON WHAT TO DO.

Most legitimate companies have their own security or fraud department or personnel and will appreciate your providing any information helping to apprehend the phishers. The FTC, FBI and probably others are also working to apprehend these criminals.

The FTC maintains a web site at http://www.ftc.gov and an Identity Theft web site at http://www.consumer.gov/idtheft.

A more detailed report for consumers on how to avoid phishing scams can be found at http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm.

Business guidelines for avoiding identity theft can be found at http://www.ftc.gov/bcp/conline/pubs/buspubs/idtrespond.htm.

An ID Theft Affidavit for you to complete in helping to report an identify theft crime can be found at http://www.ftc.gov/bcp/conline/pubs/credit/affidavit.pdf. You will need Adobe Reader ® to download and print the affidavit. This affidavit also contains excellent instructions pertaining to everyone you should contact should you accidentally provide sensitive information about yourself. The local FBI asked that you also contact them via their Internet Fraud Complaint Center (IFCC) at either 1-800-251-7581 or http://www.ifccfbi.gov.

Identity theft is a horrible experience to go through, so we hope this article and suggested procedures will be of benefit in helping to avoid it happening to you.

Back to Risk Managment


The Legal Mutual Liability Insurance Society of Maryland is administered by Minnesota Lawyers Mutual.

© 1998-2007 Legal Mutual Liability Insurance Society of Maryland. All Rights Reserved.