My wife got an e-mail over the weekend saying that her Citi Dividends credit card had been ‘restricted from use' due to ‘suspicions about the address on file'. It then gave the address on file.
It wanted her to immediately log into her account and was nice enough to give her a link to do so.
The entire e-mail looked legit. Except that none of it was.
She had me go look at it, since I do all the work with our banks and credit cards and such. I took one look at the e-mail and realized it was an attempt at phishing. The link that was provided for logging in did not point to Citi's website. It pointed to a different site that I'm sure would have happily collected any login information we would have entered, and used it for illicit purposes.
My wife had gotten issued a new card because of potentially fraudulent exposure a few months back. Based on the fact that they actually had our address, I'm wondering if that was the fraudsters trying to actually use the information they had gleaned as a way to get actual credit card information.
If you get an e-mail asking for information like this, make sure you protect yourself:
- Don't act on any e-mails you get. Call the number on the back of your card before clicking anything. If there is an actual concern with your account, this will be flagged and you will be able to work through it. Again, make sure it's the number on the back of your card, not any one that you get in an e-mail.
- Check your information often. If anything ever looks out of place, you will know about it sooner if you check your balances regularly. The longer duration that takes place between any fraudulent activity and you reporting it will potentially put you on the hook for more of it.
- Report any suspicious activity. If you suspect a problem, let the company know. They don't want their name attached to any phishing scams, so they should work harder to ensure that the criminals are stopped.
- Look for overly personal information. When I saw the e-mail, I was struck by two things: First, that they had the correct address but more importantly, that they actually included the address in the communication. No financial institution should ever send out any personal information in an e-mail, and the fact that there was something there raised my ‘BS' meter more so than if it wouldn't have been there.
- Trust your hunch. If something doesn't seem right, trust your hunch and act accordingly. Or another way to put it is: Don't trust anybody but yourself.
Have you had any attempted phishing scams try to get your information lately? Did you shut them down?