What is phishing?
Phishing (pronounced “fishing”) is a means by which identity thieves gather your information, including financial or account information such as user name and password, Social Security number, birth date, ATM PIN, or credit card information for use in committing fraud or other crimes.
Most phishing occurs through the use of fraudulent e-mail, although it can also occur over the phone, via SMS text message (“SMiShing”) or via postal mail. These fraudulent phishing e-mails often aim to create a sense of urgency for the consumer, asking them to take immediate action. For example, they may ask consumers to “immediately update their account information or face account cancellation” or “immediately pay a past-due balance on their account by following a Web link.” These fraudulent e-mails may appear to be from legitimate companies, including those you may regularly do business with. They will often include logos of the company or institution which appear to be authentic, and may include Web links and graphics which lead you to believe that they are legitimate requests for personal information.
What you can do to protect yourself?
T-Mobile will never ask you to “confirm” or “verify” your sensitive personal information in an unsolicited e-mail.
If you receive a suspicious e-mail supposedly sent from T-Mobile:
- Do not reply to the suspicious e-mail and do not open any attachments. Instead, contact T-Mobile directly and make sure that the e-mail is legitimate.
- Do not click on any Web links included in the e-mail even if it looks genuine, and do not provide any personal information which the e-mail may request.
- Contact T-Mobile’s Privacy Team at privacy@T-Mobile.com and forward a copy of the e-mail so that we may investigate it. If our company name or brand is used in efforts to fraudulently obtain personal information, we will work aggressively to halt those activities.
Like T-Mobile, most reputable companies will not send you e-mails or otherwise contact you requesting sensitive personal information. Be aware of the policies and practices of the other companies you deal with and always be suspicious of unsolicited requests for such information. As phishing attempts will likely continue to evolve, it is important to always think twice before you provide any personal information in response to e-mails.
If you believe that you have been a victim of a fraudulent e-mail phishing scam, you should file a complaint at http://www.ftc.gov, and then visit the FTC Identity Theft Web site at http://www.ftc.gov/idtheft to learn how to minimize your risk of damage from identity theft.