Phishing – general advice to help you stay safe online

November 20, 2007 – 11:12 pm

“Phishing scams” are a way for cyber criminals to steal confidential information and even your identity. Scammers send out thousands of emails pretending to be credit card companies, banks (including PayPal), online auction sites (like eBay) and other organisations.

Phishing scams normally contain a serious incentive or technical reason why you need to visit their site, for example “your account will be suspended unless……”. A lot of people just click the link without thinking about it, and are taken to a site that looks very similar to the official one. The site is a fake, designed to lure the victim into a false sense of security so that they enter personal information such as their username, password or even their credit card number!

How to spot a phishing email

It is extremely easy to make an email look like it has come from someone else. Below are some simple tips to help you tell the difference between a real email and a fake email:

  • The email asks you for personal information such as your username, password or credit card number; your bank would never do this.
  • The email address that the email has been sent from does not match the organisation's real website.
  • The email has been sent from a free email system, e.g. Hotmail or Gmail.
  • They address you in a non-specific manner, e.g. ‘Dear Customer’, rather than by your name.
  • The email tries to create a sense of urgency, e.g. “respond now or your account will be suspended”.
  • The link in the email does not quite match the organisation's address; even one character out and you will be sent off to another website.
  • You are not expecting to get an email from that organisation.  We get an email from Nationwide all the time telling us that they are going to close our account unless we log in, however we are not too bothered by this as we don't have an account with Nationwide.
  • The email contains only images, including the text of the mail; the image is one big hyperlink that will take you to the fake site.

How to spot a fake website

Most modern web browsers have automatic filters that help to detect fake websites, e.g. Mozilla Firefox 2 and Internet Explorer 7 (both can be downloaded for free off the web). However, they are not always 100% successful, so here are a few tips to help spot fake sites:

  • Use your instincts; if it looks even slightly wrong then it is probably fake.
  • The address of the website is slightly different to the organisation's normal address.
  • There is no padlock shown in your browser to show that there is a secure connection.
  • They are requesting personal information, for example username, password or other details in full, when you are normally only asked for some details.
  • Right-clicking on a hyperlink and selecting properties should reveal the link's true destination. By doing this you can then compare it to the organisation's normal website address.
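
The link checks from both lists above (an address a character out, link text that names one site while the link goes to another, and image-only links) can be automated. The script below is an added example, not part of the original post; the host examplebank.test, the sample email body and the 0.85 similarity threshold are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect href, visible text and an image flag for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = {"href": dict(attrs).get("href") or "", "text": "", "img": False}
        elif tag == "img" and self._cur is not None:
            self._cur["img"] = True
    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def check_links(html, expected_host):
    """Return (host, reason) for each link that does not lead to expected_host."""
    parser, warnings = LinkCollector(), []
    parser.feed(html)
    parser.close()
    for link in parser.links:
        host = (urlsplit(link["href"]).hostname or "").lower()
        if not host or host == expected_host or host.endswith("." + expected_host):
            continue  # no host (mailto:, relative link) or the real site itself
        bare = host[4:] if host.startswith("www.") else host
        # Similarity ratio of 0.85 is an assumed threshold for "a character out".
        if SequenceMatcher(None, bare, expected_host).ratio() >= 0.85:
            reason = "lookalike address"
        elif expected_host in link["text"].lower():
            reason = "link text names the real site but leads elsewhere"
        elif link["img"] and not link["text"].strip():
            reason = "image-only link"
        else:
            reason = "unrelated host"
        warnings.append((host, reason))
    return warnings

# Constructed sample body; examplebank.test is a made-up organisation.
SAMPLE = """<a href="http://www.examp1ebank.test/login">Log in</a>
<a href="http://203.0.113.7/verify">https://www.examplebank.test/verify</a>
<a href="http://mail.invalid/x"><img src="notice.png"></a>
<a href="https://www.examplebank.test/help">Help</a>"""
```

Calling check_links(SAMPLE, "examplebank.test") flags the first three links and passes the fourth, which points at the real host.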

Ways you can protect yourself

  • Never click on a link embedded in an email; always type the address directly into your browser.
  • Use a spam filter, e.g. AVG Internet Security. This will block many of the fake emails.
  • Don’t give your personal information unless you initiated the contact and you are sure you know who you are dealing with.
  • If in doubt, contact the bank or website owner directly by telephone or email before giving any information.

For more information on this, the UK banking industry has set up a site to help, Bank Safe Online.
