Notices that accounts have been compromised come in all forms of spam including email, text and by phone. These alerts usually direct the consumer to a website that downloads malicious software, often referred to as malware, onto their computer. Most often, the website contained in the spam is ‘masked’ to look like the recipient’s financial institution in order to entice a click, but once clicked, the user is taken to a completely different site that most often downloads malware. To determine if a link is masked, users should hover the cursor over the link to see the actual website they’ll be directed to. If you suspect your account may have actually been compromised, call the company directly or navigate to its website by typing the web address into the browser bar manually.
In other cases, the website or caller asks for personal information that the scammer will use to commit various forms of identity theft. Do not give out personal information over the phone. Instead, hang up and call the company directly to inquire about your accounts. If an email notifies you of an account breach and asks you to enter your user id and password or any other personal information do not enter any information. Instead, type the financial institution's URL into the browser bar and sign in to your account or contact your institution via telephone.
Unwanted and fraudulent emails can be reported directly the Federal Trade Commission by forwarding the email message and your complaint information to firstname.lastname@example.org.