Mutual Fund Company Fights Back Against Phishing

After working with the SEC to shut down an unauthorized version of its Web site, Pax World Funds has issued six "phishing tips" that mutual fund investors can use to spot and avoid fake Web sites.

High-pressure e-mails and phony Internet addresses touting bogus mutual fund Web sites are a problem that investors must learn how to deal with in advance if they are to avoid being stung by such a scam, according to Pax World Funds.

The company, which features socially and environmentally responsible mutual funds, issued six "phishing tips" that mutual fund investors can use to spot and avoid fake mutual fund Web sites, including those that are promoted by what may at first appear to be legitimate e-mail messages.

Portsmouth, N.H.-based Pax World Funds in June cooperated with the U.S. Securities and Exchange Commission (SEC) to shut down an unauthorized version of the Pax World Funds Web site. The look-alike Pax World Fund Web site offered outlandish promises of returns on investments and also charged excessive and impermissible fees. Results of the cooperation can be read here.

"Our eye-opening experience led us to conclude that mutual fund investors and investment companies need to know more about the dangers posed by phishing," said Thomas W. Grant, president of Pax World Funds. "What we are doing today is sharing what we learned about phishing swindles in the mutual fund context and what people can do to protect themselves. It is our hope that this information will be of real value to all mutual fund investors."

A typical phishing scheme will use a seemingly legitimate e-mail to deceive the recipient into thinking it is a message from a trusted company or government agency, rather than the con artist who is actually behind the communication. The purpose of a phishing scheme is simple: get the potential victim to disclose his or her account information, wire transfer details, credit card account numbers, Social Security number, passwords and other sensitive information.

In the case of mutual funds phishing scams, an investor may actually be lured into making phony transactions on a Web site that looks something or exactly like the home of a legitimate investment company. In addition to mutual funds and credit card companies, recent phishing schemes have involved "cloned" e-mails and bogus Web pages falsely put forward in the name of government agencies, including the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency and the Securities Investor Protection Corporation.

/zimages/5/28571.gifClick here to read about a new phishing technique that works on multiple browsers.

Based on what was learned in combating a phishing scheme, Pax World Funds issued the following six tips for mutual fund investors:

1) Keep a sharp eye out for high-pressure e-mails urging you to divulge personal financial information or to start making transactions at a new Web page. Phishers rely on urgent—and even upsetting—statements in their e-mails in order to goad people into taking immediate action. You may be asked to provide or "verify" user names, passwords, credit card numbers, checking account withdrawal codes, Social Security numbers, etc.

If you get an e-mail that warns you, with little or no notice, that your mutual fund account will be shut down unless you reconfirm your information related to the account, do not reply or click on the link in the e-mail. Instead, contact the mutual fund company by phone or by going directly to its main Web site, which most likely already is known to you. Check out the substance of the e-mail first instead of just automatically replying or clicking on the Web links in it.

Next Page: Limiting transactions to secure pages.