Fraudulent Sites and Phishing Scams
Authorize.Net regularly monitors for fraudulent websites and emails which mimic the official Authorize.Net domain or communications. If you receive an email requesting that you provide sensitive information in order to update your Authorize.Net account information, do not respond to the email and do not click on any links that may be included. Instead, please forward the email to email@example.com. If the message is not from Authorize.Net, you may be asked to provide details about the message to assist in responding to the potential fraud attempt.
Authorize.Net will never request that you send sensitive information to us via email because there is no sure way of preventing inadvertent or unauthorized access to emails both sent and received. You should also avoid opening email from any unknown persons or clicking links in emails from unknown persons, as it may lead to malicious software, virus infections or unintentional disclosure of sensitive data.
Examples of information that are considered sensitive include, but are not limited to:
- Bank account numbers
- Credit card numbers
- CVV data (3-4 digit card code and magnetic track data)
- Passwords (Authorize.Net or otherwise)
- PIN numbers
- Secret question and answer
- Social security numbers
- Tax ID numbers
- Bank routing numbers
- Driver's license numbers
- Merchant processing ID numbers
To learn more about this topic you may wish to read the United States Computer Emergency Readiness Team's (US-CERT) security tip, "Avoiding Social Engineering and Phishing Attacks."
- Where should I forward suspicious phishing emails or websites?
Please forward all emails or websites that you think may be fraudulent to firstname.lastname@example.org. Please note that we will not provide a personal response to your report unless additional information is needed.
- How can I recognize that an email I received is fake?
Please review this article describing phishing attacks for tips on identifying fraudulent emails and learn how to protect yourself from email fraud.
- How does Authorize.Net investigate fraudulent emails and websites?
Authorize.Net and our parent company, Visa Inc., partner with a 24x7 global service that reviews all reports received. If this research determines the email you submitted is fraudulent, an extensive network of Internet security partners is notified to automatically block user access to phishing and malware (computer virus) distribution sites. In addition, many of the sites are taken off the Internet. Please note that we will not provide a personal response to your report unless additional information is needed.
- What law enforcement agencies are involved?
We work with federal, local and international agencies as needed, depending on the email content, scope, etc.
- How can I be sure that I’m logging into my real Authorize.Net account?
Most spoof emails ask you to log into your account by providing a link within the email that actually directs you to a fraudulent website instead of the genuine account login page. However, many legitimate Authorize.Net emails do also include a link to log into your account. Before clicking on any links within an email, take steps to verify its legitimacy by following the tips provided by Visa on how to spot an email phish.
Another way to make sure that you're always logging into your real account is to open a new browser window and type www.authorize.net into the address bar instead of clicking on links within an email. The Authorize.Net home page provides a link for you to access your account under the Account Login tab.
- When does Authorize.Net post announcements about phishing emails?
In general, Authorize.Net does not post announcements about phishing campaigns. Occasionally, we will post education awareness reminders in the Support Center and the Merchant and Reseller Interfaces.
- What should I do if I believe my information may have been compromised?
If you receive a spoofed email, clicked on a fraudulent link, or entered any personal or payment information in a potentially fraudulent site, recommendations include the following:
- If you entered financial information, please contact your financial institution.
- Update your anti-virus software and run regular system scans. (Understanding Anti-Virus Software)
- After running a complete anti-virus scan, immediately change any passwords you might have entered. If you use the same password for multiple sites, make sure to change the password for each and do not use that password again in the future.
- Consider reporting the attack to local authorities and the Federal Trade Commission (http://www.ftc.gov/).
- If you provided personal information such as your Social Security Number, we recommend reviewing the following information and advice from the U.S. Department of Homeland Security on Preventing and Responding to Identity Theft.