CONSUMER ADVISORY: Increased Risk of Phishing Emails

HARRISBURG – Acting Attorney General Bill Ryan today encouraged Pennsylvanians to be on the lookout for potential phishing emails following a security breach at an online marketing firm.

Ryan said the breach exposed the names and e-mail addresses of customers of some of the country’s largest companies, including JPMorgan Chase, Citibank, Target and Walgreens. The number of consumers affected by the breach is unknown, but is anticipated that there will be a surge in phishing attacks on customer’s email accounts.

Additionally, Barclays Bank, U.S. Bancorp, Walk Disney, Marriott, Ritz-Carlton, Best Buy, L.L. Bean, Home Shopping Network, TiVo and the College Board alerted customers or acknowledged being affected by the security breach.

Ryan said that in contacting their customers, these companies cautioned consumers and reassured them that no passwords, account numbers, credit card information or other confidential data was compromised.


Phishing is a spam message that baits consumers with fake messages hoping to lure consumers into responding with passwords and other personal data.

In today’s world, identity thieves are so sophisticated that the e-mails they send look just like legitimate messages from banks and other businesses.  These con artists use hijacked corporate logos and deceptive spam to deceive consumers into giving out credit card numbers, personal identification numbers or passwords, and other personal or financial data.

Ryan said these types of emails are sent to thousands of accounts every day, hoping to catch someone off guard.  Even people who don’t have accounts with eBay, Paypal, and certain major financial institutions get messages purporting to be from those companies.

The surest ways to tell fake messages from real ones is by remembering that no reputable company uses e-mail messages to ask for sensitive information.  You will never be asked for personal or financial information by companies you do business through urgent e-mail message.

Ryan offered the following tips to avoid “phishing” attacks and to protect your personal information:

. Never reply to unsolicited emails asking for personal or financial information requests to “verify” data about your account.
. Remember that banks, credit card companies, and businesses do not send requests for PIN numbers or sensitive information to their customers.
. Do not call any phone numbers contained in messages purporting to be from your bank or other companies with whom you do business. Providing sensitive information by phone is just as dangerous as sending it via email.
. Do not open any links or documents contained in these messages – they may route you to a bogus website or download a virus onto your computer.
. Look for the padlock icon in the browser to assure that you are accessing a secure site.
. Double click on the padlock icon to see who owns the security certificate. A fake one either won’t have a certificate or it will be owned by an entity that appears to be unrelated.
. Make sure the web address in your browser starts with https, not just http.

Consumers can contact the Bureau of Consumer Protection at 1-800-441-2555 or to file complaints about Internet scams.

Save pagePDF pageEmail pagePrint page

Leave a Comment