Online retailer and merchant eBay recently announced that personal information including email addresses of more than 145 million users had been stolen from the company’s databases in a cyberattack.

Attorney General Dustin McDaniel and the company encouraged Arkansas consumers to change their eBay passwords as soon as possible. And, experts have predicted that hackers may sell the stolen data to con artists who would attempt to elicit sensitive financial information from consumers.

Therefore, McDaniel has issued this consumer alert to remind Arkansans how to protect themselves against criminal schemes to gather information through email, an action commonly referred to as "phishing."

"While, thankfully, there is no evidence that there was any personal financial information stolen in this attack, there may be efforts afoot to trick consumers into providing sensitive data," McDaniel said. "Arkansas consumers need to be cautious in the coming days and weeks to avoid unsolicited requests by anyone seeking account numbers or personal information."

Typical phishing schemes involve unsolicited emails purporting to be from such organizations as banks, credit card companies, government entities or Internet service providers. The emails may have a legitimate-sounding address and a legitimate-looking template, but consumers should look out for warning signs that the email is fraudulent, such as emails claiming to be from a government agency but not having a .gov domain name.

The phishing email will ask for sensitive information, usually by stating that there’s some sort of account or password problem. Whatever the approach, phishing emails seek data from consumers such as their bank account numbers, debit-card PIN numbers and Social Security numbers, in addition to their names, addresses, birthdates, email usernames and passwords.

Do not respond to phishing attempts.

Here are ways to avoid phishing’s bait:

Remember that legitimate companies will not send unsolicited emails seeking personal information.

Never give sensitive personal or financial information in response to an unsolicited request for it.

Consumers with questions about the validity of any email can always ask the company directly. Find customer-service contact information on an account statement or on the company’s website.

Immediately delete any suspicious email, and never open attachments or click on links sent from unknown sources.

Always use anti-virus software, anti-spyware software and a firewall. Update that software regularly.

For more information about phishing or about other consumer issues, visit the Attorney General’s Consumer Protection Division website,, or call the Consumer Protection Hotline at (800) 482-8982.