Internet Security
Phishing
(fraudulent requests for your account information)
Topics
- What is phishing?
- How do I know if a request sent to me requesting account information (etc.) is valid?
- Does Network Tallahassee ever ask customers for account information?
- How to protect yourself from phishing scams
- Internet Security Main Menu
What is phishing?
Phishing is a type of scam that some devious people/companies use to lure unsuspecting people into providing personal information such as social security numbers, bank account numbers, credit card numbers, logins, passwords, etc. Providing this type of sensitive information can lead to identity theft as well as serious financial consequences. Phishing scams requesting email addresses and passwords are also often used to allow spammers to log into the users' web mail accounts and distribute spam, viruses, etc.
How do I know if a request sent to me requesting account information (etc.) is valid?
If you're not expecting some kind of account verification request from a company, then the request is likely a scam.
Most phishing scams have poor grammar and sentence structure (often related to improper English translations), incorrect punctuation, and awkward use or lack of capitalized letters/words.
If you DO have an account of some sort with the company and you're not sure if the request is valid, contact the company using contact information provided with PRINTED material provided by and was mailed by (not emailed) the company to you as part of invoicing material, account balance summary, etc.
Many phishing scams include the real company's logo and will even provide what appears to be a valid website address to make it appear as if the request is valid. Just because the company's logo and website address are included in the message does NOT guarantee validity; anyone can write a message like that.
Many of the links included in the message conceal the true web address, so you don't realize that the link you're clicking on is not what you think it is.
Here are some references from a few banks and other institutions regarding phishing/scams/fraud:
- Anti-Phishing Working Group
- Bank of America
- Citibank
- eBay
- Federal Deposit Insurance Corporation (FDIC)
- Internal Revenue Service (IRS)
- Social Security Administration
- SunTrust
Does Network Tallahassee ever ask customers for account information?
Network Tallahassee occasionally requests information from its customers via email. These requests are normally in reply to a Support or Billing request initiated by a customer. Some things to keep in mind:
- We do not request credit card numbers or bank account numbers via email.
- We do not request passwords for existing email accounts--we already have ways of decoding those.
- Legitimate correspondence coming from Network Tallahassee will always come from addresses @nettally.com. In the unlikely event a Reply-To header also exists in a message we send, it will also be an address @nettally.com.
Occasionally, we may need to ask groups of users for passwords, though this typically only occurs during customer account migration as other internet service providers merge with us. In some cases, those other ISPs do not maintain the data about their customers that we need during the migration process. In a situation like this, Network Tallahassee creates a web-based interface on one of our own web servers where customers can update the information online--not through email. In an email that we would send to the affected customers, we would reference this link.
All Network Tallahassee web sites containing forms contain nettally.com at the end of the server portion of the web site URL. Valid examples:
- http://support.nettally.com
- http://support.nettally.com/security
- http://billing.nettally.com
- https://secure.nettally.com
- http://stopspam.nettally.com
- http://stopspam.nettally.com/help.asp
The following is an example of a web site referenced in an email (a phishing scam in this case) that is NOT related to Network Tallahassee in any way:
- http://nettallysecure.atwebpages.com/index.php
How to protect yourself from phishing scams
See these references: