Guard against online fraud and scams

Con artists have devised clever ways to trick people into revealing personal information online, including schemes known as "phishing" and "pharming." Precautions taken by CollegeChoice 529 Direct Savings Plan -and you- can help keep your information secure.

Here's what you need to do

As you conduct business online, taking a few simple precautions can go a long way toward protecting your personal information.

  • Verify website security. Make sure the website has the proper encryption by first verifying that the Web address (URL) begins with https://. Then mouse-over the padlock image (depending on your browser) in your Web browser window to show the security. You can also double-click the image to get additional information on SSL security. On be sure to look for your security image before logging on.
  • Vary answers to security questions. Use caution when you select your CollegeChoice 529 Direct Savings Plan security questions and answers, as some information about you is readily available. An alternative is to answer the security questions with unique responses or code words. If you choose this option, make sure you'll remember your answers.
  • Log off and close your browser. CollegeChoice 529 Direct Savings Plan recommends that after accessing your account information online, you click Log off or Log Out at the top of the page and close your Web browser. Some of your account information can stay in your browser's memory until the browser is closed.
  • Open all CollegeChoice 529 Direct Savings Plan communications in a timely manner. We provide confirmations either through U.S. mail or e-mail depending on your preference. Watch for these confirmations and if you have any questions about a confirmation statement, contact us immediately.
  • Take caution when using public computers. Be cautious when using public computers (especially when traveling abroad and those found at libraries, Internet cafés, and schools), or using shared ones, such as home computers. You don't know what may be installed on these computers. Public computers are traditionally on open networks and can be susceptible to monitoring without your knowledge.
  • Use wireless technology safely. If you have a wireless network at home, make sure to follow manufacturer's guidelines to secure your network. If you're not sure how, contact the manufacturer for assistance. And don't check your accounts over a public wireless Internet connection.
  • Update your software. Older computers are harder to protect. PCs running Windows 95/98 operating systems don't receive security software updates and have difficulty operating newer software, therefore increasing their vulnerability to hackers.
  • Review your credit report. Review your credit report every four to six months for unauthorized activity. Go to to receive your free credit report or call 877-322-8228. You can also contact any of the following credit reporting agencies.


Phishing attacks seek to gather personal information, such as Social Security numbers, online User Name and passwords, to access victims' accounts. A phishing attack often appears as an unsolicited, but authentic looking, e-mail that may threaten to close your account unless you verify some information. Although the links in the message may look like your financial institution's website address, they point to a fake website that gathers the information you enter. Criminals then use that information to steal a person's identity.

Phishing e-mails typically include typos and other mistakes, terms the company may not use, or e-mail addresses that look different than ones the company uses.


Pharming is another type of online attack where website names (such as are changed to point to an attacker's numeric Internet address (the "IP address") instead of CollegeChoice 529 Direct Savings Plan's legitimate IP address. Successful pharming attacks are less common than they were a few years ago; however, it's possible for an attack to be temporarily successful against poorly protected servers.

To guard against pharming, CollegeChoice 529 Direct Savings Plan webpages that display your account information, or allow you to make changes, use Secure Sockets Layer (SSL) technology. SSL webpages start with "https://" instead of "http://." One of the advantages of SSL is that your Web browser verifies the identity of the server. If an attacker successfully changed a website name so that a secure address brought you to an attacker's site that looked like, your browser would display a warning. The warning would say the name on the certificate does not match the name of the site. If you encounter a similar message, don't access the page. Immediately contact 866-485-9415 for assistance.

Secure Sockets Layer (SSL)

SSL is a protocol developed for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data. A public key, which is known to everyone, and a private or secret key, known only to the recipient of the message. URLs that require an SSL connection start with "https://" instead of "http://."

Test Your Anti-Phishing Knowledge

Here is a link where you can test your knowledge on common Phishing and Pharming attacks,

Upromise is an optional service offered by Upromise, Inc., is separate from the CollegeChoice 529 Direct Savings Plan, and is not affiliated with the State of Indiana. Terms and conditions apply to the Upromise service. Participating companies, contribution levels, and terms and conditions are subject to change at any time without notice. Transfers from Upromise to a CollegeChoice 529 Direct Savings account are subject to a $25 minimum.

Upromise and the Upromise logo are registered service marks of Upromise, Inc.