The BBC reports the findings of a survey into phishing, which suggests that sophisticated phishing scams could be catching out 90% of those that see them.
For the uninitiated, phishing is where fraudsters attempt to gather your online bank account details by directing you to sites that look like legitimate bank websites.
The academic study looked at whether web users could tell legitimate online bank websites from the fakes produced by phishers. Though many phishing sites were easy to spot, the best were judged real by almost all participants. It found that users ignored most of the visual cues on browsers that warn people that they are being scammed.
They also suggest a few tips to avoid becoming the victim of a phishing scam:
- Check the address bar – this is usually the most obvious sign of a phishing attempt: the domain name is made to look like the real one. Check for misspellings or the use of “subdomains” that make the address look real, e.g. ebay.fraudster.com. Also, the use of an “IP address”, which is a list of numbers in the format 123.456.789.10, should be a warning.
- Retype web links rather than click links – the destination of a click can be disguised, so retype the link in the address bar manually, or go to the bank’s homepage and navigate to your account login from there.
- Poor spelling / grammar – some phishers create their own sites, which can often contain bad spelling or comedy grammar.
- Look for the padlock – although the padlock sign in your browser is no guarantee that the site you are viewing is not an attempt at phishing, most banks do use secure sites (with addresses beginning https://), so it is a good thing to check for starters.
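
The address-bar and https checks from the tips above can be automated. This is an added example, not part of the original article: the function names, the `expected_domain` parameter, the warning labels and the two-edit misspelling threshold are assumptions, and the sample URLs are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def address_bar_warnings(url, expected_domain):
    """List the warning signs for one URL, given the site's real domain.

    expected_domain (e.g. "ebay.com") is an input assumed for this example.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")  # no padlock possible without https
    try:
        ipaddress.ip_address(host)
        return warnings + ["ip-address-host"]  # numbers instead of a name
    except ValueError:
        pass  # host is a name, keep checking
    if host == expected or host.endswith("." + expected):
        return warnings  # the real domain or one of its own subdomains
    warnings.append("domain-mismatch")
    labels = host.split(".")
    if expected.split(".")[0] in labels:
        warnings.append("brand-in-other-domain")  # e.g. ebay.fraudster.com
    # Compare the tail of the host with the real domain to catch misspellings.
    tail = ".".join(labels[-expected.count(".") - 1:])
    if 0 < edit_distance(tail, expected) <= 2:  # threshold is an assumption
        warnings.append("lookalike-spelling")
    return warnings

if __name__ == "__main__":
    # Constructed sample URLs; 192.0.2.10 is a documentation-only address.
    for url in ("https://www.ebay.com/signin", "http://ebay.fraudster.com/login",
                "https://192.0.2.10/bank", "https://www.ebey.com/"):
        print(url, address_bar_warnings(url, "ebay.com"))
```

An empty list means only that none of these signs were found; as the padlock tip says, https alone does not make a site genuine.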
Despite the constant warnings consumers get from banks regarding online security, I still regularly receive genuine emails from banks that, because of the way they are written or the actions they request you take, could easily be construed as phishing attempts.