TOLLS BY MAIL INTERNET PHISHING POLICY

Tolls by Mail will never send an email or contact you requesting sensitive personal information such as credit card number, social security, etc. If you are contacted by anyone stating that they are from Tolls by Mail and they are seeking personal information, please DO NOT provide the information requested. Either call 1-844-TBM-8400 (1-844-826-8400) to report that you have been contacted by someone attempting to obtain personal information or ask the caller/email sender to provide their contact information so that you can call them back.

What is PHISHING?

"Phishing" is the illegal practice of sending fraudulent emails with links to websites that appear to be legitimate. Please be aware of fraudulent emails that may appear to be from a trustworthy source, but, are designed to trick the user into disclosing sensitive, private and confidential information. "Phishers" send these emails in an effort to deceive users into disclosing sensitive personal information.

Sometimes Tolls by Mail emails may include links, but they are provided for your convenience only. You can always open a new browser window and type the web address you know to be correct directly into your internet address bar, instead of directly clicking on the link provided in the emails.

Phishing is a criminal activity using a collection of techniques to manipulate people into performing actions or divulging confidential information. Phishing applies to email or a telephone call appearing to come from a legitimate business — a bank or credit card company — requesting "verification" of information and warning of some dire consequence if it is not done. The emails usually contains a link to a fraudulent web page that looks legitimate — with company logos and content — and has a form requesting everything from a home address to an ATM card's PIN. Phishing is typically carried out using email or an instant message, although phone contact has been used as well.

What Phishers Want

Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by trying to appear as a trustworthy source in an electronic communication. The data that a phisher may attempt to obtain includes:

• Username and login information
• Password or PIN
• Credit card validation (CCV) code
• ATM/debit or credit card number
• Social Security Number (SSN)
• Bank routing and account number

Identifying Phishing Emails

Here are a few signs that an email may be fraudulent:

1. The message states urgent action on your behalf is needed to avoid a negative impact on your account, such as being charged a fee or having your account suspended.
2. The email contains obvious spelling errors. Phishers do this intentionally in order to avoid spam filters that many internet providers use.
3. Links in the website or in the email contain all or part of a real company's name, but the link itself is not identical to that of the legitimate web site. Clicking on these links may take you to different, possibly malicious, websites or pop-up windows that ask you to provide, update or confirm sensitive personal information.

Identifying Fraudulent Websites

Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of the legitimate entity's URL over the address bar, or by closing the original address bar and opening a new one containing the illegitimate URL.

Check the address in your browser. A fraudulent website may contain strange symbols or numbers such as http://signin.tollsbymailny.com@10.23.92.4/.

Furthermore, trusted websites that require login information or personal information are usually protected by a SSL (Secure Sockets Layer) certificate, a padlock appears in the address bar for such designation. SSL certificates secure the transfer of your data when you submit information. A scam site, quite often, won't bother with an SSL certificate, as the site will likely be shutdown soon after the fraud has been reported

Reporting Suspicious Emails

If you've received an email from a sender unfamiliar to you, examine it before clicking any links. If you suspect that it's fraudulent, forward it to the Federal Trade Commission at spam@uce.gov without changing or retyping the subject line. Such changes may inhibit the ability to investigate it properly. Delete the fraudulent email immediately after forwarding to the FTC. Additionally, the Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) provides the email address of phishing-report@us-cert.gov to report phishing.

If you suspect you've received a fraudulent Tolls by Mail email, please contact the Customer Service Center at 1-844-TBM-8400 (1-844-826-8400).

Additional information about identity theft and online safety can be viewed by visiting the FTC identity theft resource at www.consumer.gov/idtheft, or by calling the FTC at 1-877-IDTHEFT.