Phishing – don’t fall for the bait

Lloyds TSB evil phishing popup scam

Heard about online phishing, but know more about fly fishing? Well here are the ins and outs to help make sure you’re not caught hook, line and sinker.

Phishing is a scam, where criminals try to get hold of your account details, logins and passwords. In financial terms this is most often an effort by unscrupulous individuals in order to access your online bank accounts, or steal your identity, so that they can use your bank account or credit card to make purchases.

How do they do it? They send emails to thousands of people in the hope that someone will bite. These emails appear to have come from banks, credit card companies and online shops – a whole range of shopping and personal finance organisations you would normally trust – but really they are fake. They tend to encourage you to click on a link which will take you to a website that looks exactly like the real thing. Then it will trick you into entering your personal information such as a password or credit card number.

So how do you make sure you don’t fall for the bait? Well, don’t just assume phishing emails are going to be as obvious as the old Nigerian bank account scams – far from it. Online phishing has become extremely sophisticated, so, keep your wits about you and look for the following clues.

  1. The email is unexpected – you don’t normally receive emails like it.
  2. The sender’s email address doesn’t tally with the organisation’s web address. Such as ‘services@citibank.globaltransfer.com’ instead of  ‘citibank.com’.
  3. It greets you as “Dear customer” or “Dear member”, or addresses you as your email address and doesn’t use your proper name.
  4. It offers you something exciting or has a sense of urgency; unless you act immediately your account will be closed or you will miss a money saving opportunity.
  5. It encourages you to click thru using a web link.
  6. It asks for personal information such as user name, password or bank details – remember your bank will never ask for your login details.
  7. The text is contained within an image which also contains an embedded link (often to a bogus site).
  8. When you right click on the link and choose “properties” to reveal the link’s actual destination, it doesn’t tally with the address given in the email.
  9. The link address is almost, but not quite, the same as the normal web address of the organisation the email claims to represent (such as ‘rbsloans.co.uk’ or ‘www.rbs.userid.com/personalcreditcards’).
  10. Your instinct simply tells you something isn’t quite right.

Even if none of the above applies, you should still think twice before clicking on email links, no matter where they are sent from, especially when they appear to be regarding you bank account. If in doubt, log on to your bank’s website and look for contact details of for the fraud prevention team. They should be able to assist you further.

Creative Commons License photo credit: Thox



Leave a Comment

Your email address will not be published. Required fields are marked *