2012 Information Security Update


Global Payments is aware that individuals attempting to perpetuate fraud via emails and phone calls may be using the Global Payments name to deceive merchants and consumers. Stay alert and watch for phishing email scams and fraudulent phone calls. Criminals may pose as someone investigating a fraud situation and ask you to confirm account or personal credentials.

Phishing uses email and fraudulent websites designed to steal your personal information including account details, passwords, credit card numbers, names, social security numbers and other data. Perpetrators of phishing scams send millions of fraudulent email messages with links or attachments that appear to come from websites you trust. The phishing emails often request that you “confirm” or provide information for the criminals to open new accounts in your name, obtain official documents using your identity or even embezzle funds from your accounts.

Please review the following Frequently Asked Questions to assist in protecting your information.

Frequently Asked Questions to Avoid Phishing Scams

What should I do if I receive an email phishing scam?
If you think you've received a phishing scam, immediately delete the email message and do not click any links in the message or open any attachments.

What should I do if I receive a possible phishing scam that says it’s from Global Payments?
Global Payments never sends emails requesting customer or cardholder passwords or log in credentials. Protect your information and never click on unsolicited Web links provided in an email or other correspondence. Attach the suspicious email message to a new email message and send it to Global Payments at protect@globalpay.com. We will need the original phishing email (not just a forwarded copy) to be able to analyze the message. Delete the email message and do not click any links in the message or open any attachments.

What should I do if I've responded to a phishing scam?
To minimize any damage after responding to a phishing scam with personal or financial information, immediately change the passwords or PINs for all the online accounts that could be compromised. If you provided credit card numbers, contact your card issuing bank or institution immediately.

If you believe your information may be compromised you can also place a Fraud Alert on your credit report. To do this, you’ll need to contact one of any of the three credit bureaus listed below. The company you call is required to contact the other two, which will place an alert on their versions of your report.

How do scammers get my email address or know which bank I use?
Perpetrators send out millions of phishing messages to randomly generated email addresses. They replicate fake websites of popular companies in order to target the largest number of people.

Can an email message that contains a company's official logo be a phishing scam?
Yes. Phishing scams often use the official logos of the companies they're trying replicate. Do not use website links in suspicious emails - type the web addresses directly into your browser or use your personal bookmarks.

Can I tell if an email message is a phishing scam just by reading it?
Not necessarily. Phishing email messages often include official-looking logos from real organizations and other identifying information taken directly from legitimate websites. They might also contain threatening phrases such as “Your account may be compromised, click here to protect your information.” “Your account will be suspended if…” or requests for action like “Log in now using this link to update or reset your password.”

How do I avoid phishing scams?
The number of sophisticated phishing scams sent to consumers is continuing to increase dramatically. While online banking and ecommerce are very safe, as a general rule you should be careful about giving out your personal financial information over the Internet.

The Anti-Phishing Working Group (APWG, www.antiphising.org) has compiled a list of recommendations to avoid becoming a victim of these scams.

  1. Consumers should always contact your bank or card issuing institution through its secure website or by phone using the number on the back of your card.
  2. Be suspicious of any email with urgent requests for personal financial information. Phishers typically include upsetting and false statements in their emails to get people to react immediately. They also ask for information such as credit card numbers, usernames, passwords, social security numbers, date of birth, etc.
  3. Don't use the links or attachments in an email, instant message or chat to access any webpage. If you suspect the message might not be authentic call the company or log onto the website directly by typing it into your browser.
  4. Avoid filling out forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via telephone or known secure website.
  5. Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser. Phishers are now able to:
    • Replicate the "https://" normally seen on a secure Web server and a legitimate-looking address. Make it a habit to enter the address of any banking, shopping, auction or financial transaction website yourself and not depend on displayed links.
    • Forge the yellow lock seen near the bottom of the screen on a secure site. The lock has been considered a “safe” indicator and when double-clicked, displays the security certificate for the site. Do not continue if you receive warning displays that the address of the site you have displayed does NOT match the certificate.
  6. Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher websites and will provide alerts.
  7. Regularly log into all online accounts. Don’t leave it for as long as a month before you check each account.
  8. Ensure that your browser is up to date and security patches are applied.

How can I identify a fraudulent email?

  • Be wary of embedded hyperlinks or attachments. Hovering or moving your computer mouse pointer over an embedded hyperlink should reveal the associated Web URL. Always open a browser and type in the URL directly.
  • Look for consequences resulting from a lack of action on your part. Does it demand your attention and indicate that there will be consequences if you do not take action? If so, this could indicate that the email is fraudulent.
  • Look closely at the sender’s email address. Although the “From” email can closely resemble a valid email address, there are often unusual characters or constructs that can help confirm that the address is fraudulent.
  • Check email images and graphics. Images used in fraudulent emails are often broken (i.e., not present), out of place or incorrect. These problems typically occur when a fraudulent message attempts to reference an image from a legitimate entity’s website and fails.
  • Pay attention to message format and text. Message length, grammar, word choice and sentence structure play a part in the success of a phishing email. Take note if the message is brief and lacks personalization.

Where do I report Phishing scams?
Report phishing emails to the following groups and include the entire original email with its original header information intact:

  • Use the reporting form from www.antiphishing.org or forward the email to reportphishing@antiphishing.org
  • Forward the email to the Federal Trade Commission at spam@uce.gov
  • Notify The Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov/


As of January 9, 2013