Capital One customers who have received email or SMS text messages like the one below, which claim their online account security is inactive and they must first confirm their registrations, should delete the messages. They should also not follow the instructions in the messages. This is because the messages are being sent by cybercriminals to frighten and trick potential victims into clicking on the links in them, which go to phishing websites that steal Capital One online account credentials.
The "Your Capital One Online Account Security is Inactive" Phishing Scam
From: Capital One [mailto:ahmed@panoramabh.com]
Sent: Wednesday, December 6, 2017 10:14 AM
Subject: ACCOUNT MESSAGE ALERT !!!
Dear User,
Your Capital One online account security is inactive, but first you have to confirm your registration.
Click here to confirm your registration!
Privacy Department.
Capital One
Capital One customers who have received messages claiming that they need to do some activity on their accounts, such always go directly to https://www.capitalone.com/ and sign into their accounts. Once they have signed in, they will be notified of security updates, notifications and other important notifications. So, there is no need to click on a link in an email message, which may go to phishing or malicious website.
Also, Capital One customers who have already been tricked by the phishing messages, are asked to change their passwords and contact Capital One immediately, before their accounts are hijacked and used fraudulently by cybercriminals.