WHAT IS PHISHING?
Phishing, pronounced "fishing", describes methods used to try to steal your identity information on the internet, such as names, usernames, passwords and credit card details.
A phishing attack is a form of cybercrime. Criminals create a near-perfect replica of financial institutions' websites, such as those of banks, PayPal and eBay. Once the fake website is set up, they attempt to trick users into disclosing their personal details (usernames, passwords, PINs etc.) via a form on the fake website. The criminals collect these details and use them to obtain money.
To get you to visit the fake websites, phishers use various techniques. One of the most common is sending out an email pretending to be from a bank. You may have seen such an email in your inbox or junk mail folder and not taken any notice because it was from a bank that you don’t belong to, but phishers send out thousands of emails to try to catch someone who does belong to the bank named in the phishing email.
These emails often use legitimate logos and a good clean style, and often spoof the email header to make it look as though it came from a legitimate bank. In general, these emails inform recipients that the bank has changed its IT infrastructure, or that the account has had too many attempted logins and has been suspended, and ask customers to re-confirm their user information. When the recipient clicks on the link in the email, they are directed to the fake website, where they are prompted to divulge their personal information. Phishing emails may also contain links to websites that are infected with malware.
The number and sophistication of phishing scams sent out to consumers continue to increase dramatically. While online banking and e-commerce are very safe, as a general rule you should be careful about giving out your personal financial information over the Internet. It is easy to forget, but if criminals collect your personal information they can use it to buy goods, drain your bank accounts or sell it on the black market for profit.
What can I do to prevent phishing threats?
There are a few steps you can take to help protect yourself from phishing threats. Following these guidelines will help minimise the risk of attacks.
- Always be wary of any email asking for your personal information. No financial institution will ask you for such information by email. If you have any doubts at all, call them.
- If you are unsure, look at the email carefully. Phishing emails will say something along the lines of “dear customer” or “Hello Dear member”, as the sender will not know your name.
- NEVER click on links in emails to load a webpage or be taken to one. Always type the web address (URL) into your web browser (Internet Explorer, Firefox, Chrome).
- Make sure that you use the latest version of your web browser and that any security patches have been applied. This may seem like an obvious step, but you would be surprised at how many people still use an older browser.
- Check whether your anti-virus or internet security program blocks phishing sites and authenticates major banking and shopping websites. Some of the free antivirus (AV) products may not offer this feature.
- Always report anything you think is a phishing email immediately to the organisation concerned. This could be your bank, PayPal, eBay or another financial institution.
- Don’t get pressured into providing sensitive information. Phishers like to use scare tactics, and may threaten to disable an account or delay services until you update certain information. Again, if unsure, call them.
Get into the habit of checking the web address that you are going to, and try to always type in the address yourself. Phishers will try to make the web address as similar as possible to the real thing, like the example below.
Remember PayPal should look like this:
Not like this:
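
The habit of checking the web address can also be written down as a rule: an address is genuine only when its host is the real domain or a subdomain of it, and a host that merely contains or closely resembles the brand name is a lookalike. The Python below is an added example, not part of the original article; the `TRUSTED` list, the function names and the sample addresses (which use the reserved `.example` name) are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the sites this user really has accounts with (constructed list).
TRUSTED = ("paypal.com", "ebay.com")


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_address(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for the host part of url."""
    if "://" not in url:
        url = "//" + url  # let urlsplit find the host in a bare "www.site.com"
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    # Genuine: the host is the trusted domain itself or a subdomain of it.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Split on dots and hyphens so "paypal-login" yields "paypal" and "login".
    words = [w for w in host.replace("-", ".").split(".") if w]
    for domain in trusted:
        brand = domain.split(".")[0]
        for w in words:
            # Brand name inside some other domain, or a one-character near miss.
            if brand in w or edit_distance(w, brand) <= 1:
                return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample addresses, not taken from real phishing emails.
    for sample in ("https://www.paypal.com/signin",
                   "http://paypal.com.account-check.example/login",
                   "https://www.paypa1.example/",
                   "https://www.example.org/"):
        print(f"{check_address(sample):9}  {sample}")
```

A result of "unknown" means only that the address does not resemble a trusted one; it says nothing about whether the site is safe.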