If you think you've received a phishing scam, immediately delete the email message and do not click any links in the message or open any attachments.
Attach the suspicious email message to a new email message and send it to the Global Payments at protect@globalpay.com. We will need the original phishing email (not just a forwarded copy) to be able to analyze the message. Delete the email message and do not click any links in the message or open any attachments. Global Payments will never send an email asking you to update your login credentials or log into our website using a link or an attachment in an email.
To minimize any damage after responding to a phishing scam with personal or financial information, immediately change the passwords or PINs for all the online accounts that could be compromised.
Yes. Phishing scams often use the official logos of the companies they're trying replicate. Do not use website links in suspicious emails - type the web addresses directly into your browser or use your personal bookmarks.
Not necessarily. Phishing email messages often include official-looking logos from real organizations and other identifying information taken directly from legitimate websites. They might also contain threatening phrases such as "Your account will be suspended if..." or requests for action like "Log in now using this link to update or reset your password."
The number of sophisticated phishing scams sent to consumers is continuing to increase dramatically. While online banking and ecommerce are very safe, as a general rule you should be careful about giving out your personal financial information over the Internet. The Anti-Phishing Working Group (APWG, www.antiphising.org) has compiled a list of recommendations to avoid becoming a victim of these scams.
  • Be suspicious of any email with urgent requests for personal financial information. Phishers typically include upsetting and false statements in their emails to get people to react immediately. They also ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
  • Don't use the links or attachments in an email, instant message or chat to access any Web page. If you suspect the message might not be authentic call the company or log onto the website directly by typing it into your browser.
  • Avoid filling out forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website or the telephone.
  • Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser. Phishers are now able to:
    • Replicate the "https://" normally seen on a secure Web server and a legitimate-looking address. Make it a habit to enter the address of any banking, shopping, auction or financial transaction website yourself and not depend on displayed links.
    • Forge the yellow lock seen near the bottom of the screen on a secure site. The lock has been considered a "safe" indicator and when double-clicked, displays the security certificate for the site. Do not continue if you receive warning displays that the address of the site you have displayed does NOT match the certificate.
  • Get in the habit of looking at the address line to make sure you have the right website. Were you directed to PayPal? Does the address line display something different like "http://www.gotyouscammed.com/paypal/login.htm?"
  • Be aware of where you are going.
  • Consider installing a Web browser tool bar to help protect you from known fraudulent Web sites. These toolbars match where you are going with lists of known phisher websites and will provide alerts.
  • Regularly log into all online accounts. Don’t leave it for as long as a month before you check each account.
  • Ensure that your browser is up-to-date and security patches are applied.
  • Look closely at the sender’s email address. Although the "From" email can closely resemble a valid email address, there are often unusual characters or constructs that can help confirm that the address is fraudulent.
  • Check email images and graphics. Images used in fraudulent emails are often broken (i.e., not present), out of place or incorrect. These problems typically occur when a fraudulent message attempts to reference an image from a legitimate entity's website and fails.
  • Pay attention to message format and text. Message length, grammar, word choice and sentence structure play a part in the success of a phishing email. Take note if the message is brief and lacks personalization.
  • Look for consequences resulting from a lack of action on your part. Does it demand your attention and indicate that there will be consequences if you do not take action? If so, this could indicate that the email is fraudulent.
  • Be wary of embedded hyperlinks or attachments. Hovering or moving your computer mouse pointer over an embedded hyperlink should reveal the associated Web URL. Always open a browser and type in the URL directly.
Report phishing emails to the following groups and include the entire original email with its original header information intact:
  • Use the reporting form from www.antiphishing.org or forward the email to reportphishing@antiphishing.org
  • Forward the email to the Federal Trade Commission at spam@uce.gov
  • Notify The Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov/