
Gone Phishing

For a while now there has been a type of fraudulent activity known as ‘phishing’, whereby the bad guys trick you into handing over the passwords to your bank account by sending you an email pretending to be from your bank. It goes something like this example:

Dear Halifax Bank customer

Halifax is currently working to improve on the security of all our Online Banking Users as we periodically review certain Accounts which are vulnerable to Unauthorised Access.

We have noticed some unusual invalid login attempts into your Online Account and have thereby limited its ability to send funds.
To remove this limitation and initiate your Account Update Process, you are required to click on the button below to login to your Account..."

When you click on the link you will be directed to a web page that typically asks for your personal details, account numbers, login details etc. The web page will look realistic but will in fact be an official-looking page on the scammer's own web server, and anything you type into it goes straight to the scammer.

Phishing emails come in all shapes and sizes. Some look extremely professional and realistic, whilst others are crude and badly constructed with spelling mistakes and poor grammar. 

An obvious clue to a fake site is that the link directs you to a domain name that looks real but has a slight difference. For example, your bank's website may be www.halifax.com. The scammer's version will probably look something like www.halifax.com.d016.cn. When you look at a domain name, start at the right and work left: the part that actually identifies who owns the site is the rightmost label (here .cn) together with the one immediately before it (d016), so this address belongs to d016.cn, and everything to the left of that is just names the owner of d016.cn chose in order to look like Halifax. (Where the ending is itself two parts, such as .co.uk, count one more label to the left.) Scammers are becoming more and more sophisticated, so it is always best to go to the site yourself rather than click on a link.

Here are some simple precautions:

Never trust an email sender

The sender address in an email can be faked. For the less computer-literate, that's the bit of the email that tells you who it's from. The sender can put any name and any address they like in it, so never trust an email just because it appears to come from a legitimate address. Most phishing emails use a spoofed or look-alike sender address to appear more authentic. (Your mail provider may check the sender with technologies such as SPF, DKIM and DMARC, but the name and address you see in the From line are still free text chosen by whoever sent the message.)
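To show what "the sender address can be faked" means in practice, here is an added example (not the blog's own code) that reads the headers of a received message and looks for the signs a mail server leaves behind when the From line does not match where the message really came from. The two messages are constructed for the example; the Authentication-Results line is the header a receiving mail server adds when it checks SPF, DKIM and DMARC (RFC 8601), and the server name mx.example.net in it is an assumption.

```python
"""Look for signs that the From address of an e-mail has been spoofed.

Added example, not the blog's own code. Both messages below are constructed.
Only an Authentication-Results header added by your own mail provider should
be trusted; a scammer can insert a fake one, which is why providers strip the
ones they did not add themselves.
"""
import email
import re
from email.utils import parseaddr

# Constructed phishing message: the From line claims halifax.com, but the
# bounce address, Reply-To and the provider's SPF/DKIM/DMARC checks disagree.
PHISH_RAW = """\
Return-Path: <bounce@mail-d016.cn>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mail-d016.cn;
 dkim=none; dmarc=fail header.from=halifax.com
From: "Halifax Online Banking" <security@halifax.com>
Reply-To: accounts@mail-d016.cn
To: customer@example.net
Subject: Important: your account has been limited
Content-Type: text/plain

Dear Halifax Bank customer ...
"""

# Constructed legitimate message for comparison: everything lines up.
LEGIT_RAW = """\
Return-Path: <bounces@halifax.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=halifax.com;
 dkim=pass header.d=halifax.com; dmarc=pass header.from=halifax.com
From: "Halifax" <noreply@halifax.com>
To: customer@example.net
Subject: Your statement is ready
Content-Type: text/plain

Your statement is ready to view when you next log in.
"""


def domain_of(address):
    """Domain part of an e-mail address such as '"Name" <user@host>' ('' if none)."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower()


def auth_results(msg):
    """Collect method=result pairs (spf/dkim/dmarc) from Authentication-Results."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header):
            results[method] = result.lower()
    return results


def spoof_indicators(raw_message):
    """Return a set of indicators that the visible sender is not who it claims."""
    msg = email.message_from_string(raw_message)
    flags = set()
    from_domain = domain_of(msg["From"])
    # The bounce address (Return-Path) is what the sending server really used.
    if domain_of(msg["Return-Path"]) and domain_of(msg["Return-Path"]) != from_domain:
        flags.add("return-path-mismatch")
    # Replies going to a different domain than the claimed sender.
    if msg["Reply-To"] and domain_of(msg["Reply-To"]) != from_domain:
        flags.add("reply-to-mismatch")
    # Anything other than an explicit pass from the provider's checks.
    auth = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) != "pass":
            flags.add(f"{method}-not-pass")
    return flags


if __name__ == "__main__":
    print("phishing :", sorted(spoof_indicators(PHISH_RAW)))
    print("legit    :", sorted(spoof_indicators(LEGIT_RAW)))
```

A Return-Path on a different domain is also common for legitimate mail sent through bulk-mailing services, so treat these as warning signs to weigh together rather than proof on their own; a failing DMARC result on mail claiming to be from your bank is the strongest of them.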

Always Check The Content

Whilst the most professional spoofs may be almost indistinguishable from the real thing, other scams are much easier to spot.

A common technique used by scammers is to include all of the email's text as an image, and to have the whole image link to a spoof website when clicked. This is done to get past email scanners that can read the text in an email but not the text inside a picture. If you can't click and select the text as normal with the mouse, treat it as a scam: genuine bank emails are not constructed like this.
Bad spelling and grammar are also a dead giveaway, as are senders that seem unable to spell their own names, e.g. ‘Alert from Ciitibnk'. Banks and the like don't send out emails with mistakes as bad as these.

Don't Open Attachments

Sometimes a spoof email will come with an attachment. Don't open it! It may be harmless, but there is no need to take the risk. Email attachments are one of the most common ways that viruses and other malicious programs are spread, so as well as being a scam the email may try to infect your computer with software that steals information from you without your knowledge.

Update Your Computer Security

Make your computer safer and more secure with these simple steps:
Get an antivirus program (and keep it updated). Antivirus programs sit on your computer and scan files in case they are infected with a virus, and can then remove the infection from your system. It is essential to keep an antivirus up to date, as new viruses appear every day. Most antivirus programs will do this for you automatically.

Get a spyware removal program (and keep it updated). Spyware removal programs are an essential companion to an antivirus, as they can pick up programs that the antivirus can miss. Some programs, known as ‘spyware', are not classed as viruses but are still potentially harmful, as they can sit on your computer gathering information without your knowledge or consent. Some can even record every key you press, capturing important information such as passwords and credit card details.

Update your operating system. Most people these days use Microsoft Windows, but Windows is not flawless, and security holes are regularly discovered that an attacker could exploit to get inside your computer and steal information. Microsoft releases fixes for the weaknesses it finds, so make sure you have all the latest updates from http://windowsupdate.microsoft.com, or turn on automatic updates so they install themselves.

Never Give Out Your Personal Details

This is the simplest rule of all. Banks, financial institutions and the like will never send you an email asking you to verify your account or update your details by replying to the email or clicking through from it. It simply doesn't happen. In the rare cases where problems occur, they will contact you directly by phone, letter or other means. Even if an email looks authentic, it more than likely isn't. For example, did you know that a link can display one address but actually take you somewhere completely different? Hover over a link without clicking and most email programs will show you where it really goes.
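The two checks described above, reading a domain name from the right (from the section on fake sites) and spotting a link whose visible text says one address while it goes to another, can be done mechanically. The following is an added example, not code from the blog: it pulls every link out of an HTML email body, works out which domain each one really belongs to, and flags links that go to the wrong domain, links whose text disguises their destination, and image-only links with no selectable text. The email body and the small table of domain endings are constructed for the example; real code should load the full Public Suffix List rather than the handful of entries assumed here.

```python
"""Audit the links in a suspicious HTML e-mail against the domain it claims to be from.

Added example, not the blog's own code. SAMPLE_EMAIL is constructed, and
PUBLIC_SUFFIXES is a tiny constructed subset of the real Public Suffix List.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a production checker loads the full list from publicsuffix.org.
PUBLIC_SUFFIXES = {"com", "net", "org", "cn", "uk", "co.uk", "org.uk"}

# Link text that looks like a web address, e.g. "www.halifax.com" or "http://x.y/z".
ADDRESS_LIKE = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?$", re.I)

# Constructed e-mail body in the style of the message quoted above.
SAMPLE_EMAIL = """
<p>Dear Halifax Bank customer,</p>
<p>To remove this limitation, please log in at
<a href="http://www.halifax.com.d016.cn/login">www.halifax.com</a>
or click the button:
<a href="http://halifax.com.d016.cn/login"><img src="cid:button"></a></p>
<p>Questions? See <a href="https://www.halifax.com/help">our help pages</a>.</p>
"""


def registrable_domain(hostname):
    """Read labels from the right: the public suffix plus one label to its left.

    www.halifax.com.d016.cn -> d016.cn (the scammer's real domain)
    secure.halifax.co.uk    -> halifax.co.uk
    """
    labels = hostname.lower().rstrip(".").split(".")
    # Longest candidate suffix first, so "co.uk" is matched before "uk".
    for i in range(len(labels) - 1):
        if ".".join(labels[i + 1:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i:])
    return ".".join(labels[-2:])  # unknown ending: assume last two labels


def host_of(url_or_host):
    """Hostname of a URL, or of bare text such as 'www.halifax.com'."""
    if "://" not in url_or_host:
        url_or_host = "http://" + url_or_host
    return (urlsplit(url_or_host).hostname or "").lower()


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:  # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def audit_links(html, expected_domain):
    """Return [(text, href, flags)] for each link; an empty flag set means it looks fine."""
    parser = LinkExtractor()
    parser.feed(html)
    parser.close()
    expected = expected_domain.lower()
    findings = []
    for text, href in parser.links:
        flags = set()
        host = host_of(href)
        target = registrable_domain(host) if host else ""
        if target != expected:
            flags.add("wrong-domain")  # really goes somewhere other than the bank
        if not text:
            flags.add("image-only")  # the whole link is a picture, no selectable text
        elif ADDRESS_LIKE.match(text) and registrable_domain(host_of(text)) != target:
            flags.add("disguised-address")  # says one address, goes to another
        findings.append((text, href, flags))
    return findings


if __name__ == "__main__":
    for text, href, flags in audit_links(SAMPLE_EMAIL, "halifax.com"):
        print(f"{text or '<image>':18} -> {href:42} {sorted(flags) or 'ok'}")
```

The key step is registrable_domain: it does by code what the text above tells you to do by eye, ignoring everything to the left of the registered name, so www.halifax.com.d016.cn is recognised as belonging to d016.cn no matter how much of the bank's name is stacked in front of it.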

Visit Sites Directly

If you are going to visit any site where you intend to enter your account details or similar, only go there by typing the site's address directly into the browser address bar, or by using a bookmark you saved yourself when you knew you were on the real site, and not by clicking a link in an email. This is the only reliable way to be sure you are visiting the real site and not some sort of spoof.