NASHVILLE, TN – “You have notifications pending.” So states the email purportedly from Facebook, alerting you to missed updates related to your Facebook account. It features, under the familiar logo with “Facebook” spelled out in white letters in a blue bar, two boxes for you to click if you wish to go to either your Facebook homepage or to all of your account’s notifications. 

But, the boxes are links to a site not affiliated with Facebook, and clicking on either box could expose your computer to an attack aimed at stealing your information. And, upon closer inspection, you see that – though the sender is listed as “Facebook” – the sender’s email address apparently has no relation to the social networking site. Another common email features this request: “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.” 

Don’t click the links. Don’t trust the emails. Fraudulent emails such as these are involved in “phishing” – when Internet swindlers send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security numbers, passwords or other sensitive data) from unsuspecting victims. 

Some phishing emails threaten a dire consequence if you don’t respond. The messages direct you to a website that looks just like a legitimate organization’s site. But it isn’t. It’s a bogus site whose sole purpose it to trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name. 

Consumer Affairs offers these tips to help you avoid getting hooked by a phishing scam: 

• Don’t reply to email or pop-up messages that ask for personal or financial information, and don’t click on links in the message. Don’t cut and paste a link from the message into your web browser – phishers can make links look like they go one place when they actually send you to a different site (hovering your mouse pointer over the link can help you uncover the real address).
• If you need to reach an organization you do business with, call the number of your financial institution on the back of your card – not the number listed on an email. And, you always have the option of visiting the business in person.
• Use anti-virus and anti-spyware software, as well as a firewall, and update them regularly.
• Don’t email personal or financial information.
• Be cautious about opening any attachment or downloading any files from emails that you receive, regardless of who sent them.
• Forward phishing emails to This e-mail address is being protected from spambots. You need JavaScript enabled to view it – and to the company (in the Facebook example, the address would be This e-mail address is being protected from spambots. You need JavaScript enabled to view it ), bank or organization impersonated in the email. 

The Federal Trade Commission has an e-card that you can forward to your friends to warn them about phishing scams. The link is www.ftc.gov/phishing.

Consumer Affairs (www.tn.gov/consumer) is a division of the Department of Commerce and Insurance, which  works to protect consumers while ensuring fair competition for industries and professionals who do business in Tennessee. www.tn.gov/commerce/, @TNCommerceInsur (Twitter), http://on.fb.me/uFQwUZ (Facebook), http://bit.ly/ry1GyX (YouTube)