Avoid online fraud

Although it's generally secure and convenient to conduct your personal and financial business online, you still need to look out for Internet criminals trying to defraud you of your money or steal your identity.

Sallie Mae is constantly evaluating and improving its systems and processes to protect you. Use this information to help keep your personal and financial data secure.

Take these simple steps to protect yourself

Protect yourself from email and Internet fraud by being alert and avoiding unnecessary risks. Just as you would not give your credit card to a person you do not trust, do not give your personal contact or account information to a website that looks suspicious.

  • Avoid conducting personal financial business on shared or public computers, as in an Internet café or a library.
  • If you use a public computer, don't save your passwords or user IDs on the browser. After you're done, log out of all websites, clear the browser's cache and history, and close the browser. This makes it harder for the next person using the computer to see what you've done.
  • Avoid conducting financial transactions over public wireless hotspots.
  • Make sure your browser is up to date and that your computer has the latest security patches.
  • If you are a customer and believe you’ve found a security issue, please send email to ‘Security at Sallie Mae dot com’ and include the description of the issue and where you experienced it.
  • Install the latest version of an established anti-virus software. If you already have an anti-virus program installed, make sure you get the latest updates by keeping your subscription current.
  • Protect your privacy against spyware or malware by installing established spyware blockers.
  • Make sure no one has hijacked your identity: Periodically check your credit reports with the major credit reporting agencies. Make sure your information is correct and that no one has tried opening fraudulent lines of credit in your name.

Watch out for these fraud warning signs

  • Sensationalist or emotional language. Take a breath before acting on an unexpected email solicitation. Fraudulent emails are written in a way to get you to react immediately.
  • Obvious spelling or grammar errors. Fraudsters and Internet criminals are often better at coding malicious software than they are at spelling. Sallie Mae communications are written by servicing and marketing professionals.
  • The email is not addressed to you. A company you do business with knows your first and last names.

If you're concerned about an email you received…

  • Don’t click on the links in suspicious emails. Hackers can make their fraud sites look legitimate — even by using a real company’s name in the URL. Instead, go to the company's website by typing the URL directly into your browser. If you're still in doubt, phone the company.
  • Don't fill out forms in email messages asking you for personal or financial information. Only communicate these pieces of information with a company you're working with over the phone or on a secure website.
  • Make sure you're on a secure Web page when entering sensitive information. Secure Web pages will have https: (note the "s") at the beginning of their Web address instead of just http:. If you use Microsoft Internet Explorer, you may also see a security lock image in the bottom right of the browser window that looks like this: 
    that looks like this:
  • Forward suspicious Sallie Mae emails to abuse@salliemae.com.
    Forward the entire email and any attachments to us, not just the text in the body. This will help us better trace the email and determine whether it's legitimate.

More information

Report fraud

Concerned about a suspicious email regarding your account with us? Report it to abuse@salliemae.com.

Report website security

Concerned about website security? Report it to security@salliemae.com.

What is phishing?

Phishing is an Internet scam where criminals try to trick you into divulging sensitive personal information, such as user names, passwords, PINs, or Social Security numbers. Phishing begins as unsolicited emails — or spam — that seem to be from a legitimate company. The emails impersonate the company's look, name, logo, and URL. The emails often use threatening language — such as saying your account will be closed if you do not respond — and "require" that you provide sensitive personal information.

What other damage can phishing do?

Some phishers have been known to send out emails linking to websites rigged to install viruses or Trojan horses on your computer. Such malicious software could take over your computer or record all the sites you visit along with your login information.