Dealing With Suspicious E-Mails

Do report suspicious e-mail. If you suspect you may have received phishing e-mail designed to steal your identity, report the e-mail to the faked or "spoofed" organization. Contact the organization directly—not through the e-mail you received—and ask for confirmation. If it would make you more comfortable, call the organization's toll-free number (if one exists) and speak to a customer service representative. You should also report the e-mail to the proper authorities including the FBI, the Federal Trade Commission (FTC), and the Anti-Phishing Working Group. If you think you've received a phishing e-mail message, do not respond to it. Virginia Commerce Bank will never request our customers to update their personal or account information via web links contained within e-mails. Please report suspicious or phishing e-mails to Virginia Commerce Bank by calling 1-888-446-1483.

Do be wary of clicking on links in e-mail messages. Links in phishing e-mail messages often take you directly to phony sites where you could unwittingly transmit personal or financial information to con artists. Avoid clicking on a link in an e-mail message unless you are sure of the destination. Even if the address bar displays the correct Web address, don't risk being fooled. There are several ways for con artists to display a fake URL in the address bar on your browser. To see an example of this, read How can I tell if an e-mail message is fraudulent?

Do type addresses directly into your browser or use your personal bookmarks. If you need to update your account information or change your password, visit the Web site by using your personal bookmark or by typing the URL directly into your browser. Virginia Commerce Bank will never request our customers to update their account information via web links contained within emails.

Do check the security certificate when you are entering personal or financial information into a Web site. Before you enter personal or financial information into a Web site, make sure the site is secure. In Internet Explorer, you can do this by checking the yellow lock icon on the status bar as shown in the following example.

Example of a secure site lock icon. If the lock is closed, then the site uses encryption.

The closed lock icon signifies that the Web site uses encryption to help protect any sensitive, personal information that you enter, such as your credit card number, Social Security number, or payment details. It's important to note that this symbol doesn't need to appear on every page of a site, only on those pages that request personal information. Unfortunately, even the lock symbol can be faked. To help increase your safety, double-click the lock icon to display the security certificate for the site. The name following Issued to should match the name of the site. If the name differs, you may be on a fake site, also called a "spoofed" site. If you're not sure whether a certificate is legitimate, don't enter any personal information. Play it safe and leave.

Tip:  If you don't see the status bar at the bottom of your browser window, click on View at the top of the browser, and then select Status Bar to activate it.

Don't enter personal or financial information into pop-up windows. One common phishing technique is to launch a fake pop-up window when someone clicks on a link in a phishing e-mail message. To make the pop-up window look more convincing, it may be displayed over a window you trust. Even if the pop-up window looks official or claims to be secure, you should avoid entering sensitive information, because there is no way to check the security certificate. Close pop-up windows by clicking on the red X in the top right corner (a "cancel" button may not work as you'd expect).

Source: Microsoft.com

In This Article:

•What is a phishing scam?
• How can I tell if an e-mail mesasge is fradulent?
•The do's and don'ts of dealing with suspicious e-mail
•What to do if you've responded to a phishing scam

Tip:

To see updated examples of popular phishing scams or to report a possible phishing scam, visit the Anti-Phishing Working Group Archive.