“Don’t get caught by this phishing expedition,” said Ray Ferrara, Manager of Corporate Security for Ferguson. “The economic stimulus is meant for you, not scam artists.”

Industry security leaders offer these tips for avoiding these scams:

  • Always be wary of e-mails that request your account information, social security number or account passwords. Government agencies, banks and other legitimate business normally do not ask for this information via e-mail.
  • Do not click on or open links in e-mails soliciting economic stimulus information. The IRS does not send unsolicited e-mails or ask for detailed personal or financial information. The IRS also will not use e-mail to ask for PIN numbers, passwords or similar secret access data for credit cards, banks or other financial institutions.
  • If you complete online financial transactions, go to the Web site for that business; do not use a link sent to you in an unsolicited e-mail.

“Email is not a secure method of transmitting personal information,” said Ray. “If you initiate a transaction and want to provide your personal or financial information through an organization’s Web site, look for indicators that the site is secure.”

Such indicators could be a lock icon on the browser’s status bar or the URL for the Web site begins with “https:”; the “s” stands for secure. “Unfortunately, no indicator is foolproof,” said Ray. “Some phishers have even forged security icons.”