HTML Module

How to Avoid “Phishing” Scams

The number and sophistication of “phishing” scams sent out to consumers continues to grow. “Phishing” is defined as an e-mail sent by a third party pretending to be from a legitimate company, such as ProPay, in an attempt to collect personal information (social security numbers and passwords) for use in fraudulent activity and identity theft. These e-mails typically try to deceive the customer by imitating the look and feel of the real company. While eCommerce is generally very safe, everyone should be careful about providing personal and financial information over the Internet.

ProPay has compiled a list of recommendations below that should be helpful in avoiding this type of scam:

How does it work?

Typically, the phisher sends an email that appears to be from a legitimate business, such as a bank, to millions of e-mail addresses hoping to lure people who are actual customers of that business into responding and divulging personal information. This is often referred to as “the bait.” The emails contain a link to a website that looks like the business’ official website, but is in fact a spoofed or fake site. If an unsuspecting customer enters the information requested, the phisher is on his way to stealing their money, their identity, or both.

What should I be looking for?

Although they are designed to be nearly impossible to distinguish from legitimate emails, there are some common signs to look for:

  • They urge the recipient to click on a link to update or verify account information.
  • They convey a sense of urgency and often mention negative consequences for failing to respond.
  • They do not contain any personalization: the recipient’s name, the last four digits of their account number, or other information that shows that the sender knows something about the recipient’s account.
  • They are unexpected and are not consistent with other emails from the business.
  • They often contain spelling errors and bad grammar.

What should I do if I receive a suspicious email?

  • Do not respond to the email and do not click on the link found in it.
  • If you are unsure of its authenticity, call a phone number you trust, such as the one on your most recent statement, NOT the one in the email, to verify the company actually sent it and to inquire about why they need your information.
  • If it appears to be from another company or financial institution, you can forward it to the Anti-Phishing Working Group at  You may also stay up to date on phishing trends at
  • Delete the email from your Inbox and clean out your Deleted Items folder.

How can I protect myself?

Education is the best defense. Know what to look for and what to do. It is very important to note that no financial institution will ever send an email asking you to verify or supply personal information, such as:

  • User ID
  • Password
  • Social Security Number
  • Card or Account Number
  • Credit Card Security Code (CCV)

Preventative Protection

  • Never open unsolicited emails from unknown email addresses.
  • Never send personal information via email unless it is to a trusted source and you use some type of encryption.
  • Exercise reasonable care when downloading software and opening email attachments. Never download or open an email attachment from an unknown email address.   
  • Have your computer analyzed by a qualified technician if you suspect your computer is running abnormally, you are receiving an unusual amount of “pop-up” pages, or you notice that you are being redirected to other web pages.
  • To ensure that you're on a secure Web server, check the beginning of the Web address in your browsers address bar - it should be "https://" rather than just "http://"
  • While spoof e-mails present an increasing threat, there are other ways fraud can occur. The following tips will help you protect your ProPay account and virtually any other online account you have from fraudulent activity.
  • Frequently scan for viruses.
  • Frequently check for update patches for your operating system and browser.
  • Install a firewall.
  • Frequently check your accounts for suspicious activity.
  • Frequently change your password and use a unique password for each site.
  • Make your password unique. A good password will include a combination of letters and numbers making it hard to guess.

Back to top