What is Phishing?
Alarming numbers of Australians still do not know what the internet scam called 'phishing' (pronounced "fishing") is, nor are they adequately protected against it, a Galaxy survey has found.
Phishing is a type of fraud that tricks people into giving out their personal and banking information through hoax websites or phony emails which steal people's personal information, such as credit card numbers, account data, usernames and passwords. Many of the hoax / phishing emails may appear to come from legitimate and trusted business that you may have dealings with, such as banks (eg. CBA) and online organizations (eg eBay and PayPal), Internet service providers (eg. MSN and Google). The message may look quite authentic, featuring corporate logos and formats similar to the ones used for legitimate messages. Typically, these emails lead recipients to fake websites designed to trick the customer into entering their personal banking details. This information is then used to steal your money!
Because the emails look so official and convincing, they are very effective for criminals.
Criminals send out millions of these fraudulent e-mails to random e-mail addresses, whether or not they are a customer of the organization, in the hope of luring unsuspecting innocent persons into providing their personal banking details.
If the link is followed, the victim often also downloads a malicious program which captures his / her keyboard strokes including any typed information, such as banking login details and sends them to a third party.
How to Identify E-mail Fraud
So, how do you know if the email you received is fraudulent? Here are a few things you should know:
- Your bank will NEVER send you an email, or call you on the phone, asking you to disclose personal information such as your credit card number, online banking password or your mother's maiden name.
- Be suspicious of unsolicited emails that have a sense of urgency and warnings that your accounts will be closed or your access limited if you do not reply.
- The email may claim that your details are needed for a security and maintenance upgrade, to 'verify' your account or protect you from a fraud threat. The email may even state that you are due to receive a refund for a bill or other fee that it claims you have been charged.
- Does the email look professional? While some fraudulent emails may look professional at first glance, if you look more closely you may notice spelling and bad grammar, unusual language or branding that is not quite right. Fraudulent emails are not personalized and, instead, are addressed in general terms, such as 'Dear valued customer'.
- If you receive an email notifying you that an email money transfer is being sent from a person you do not know, delete the email as it is reasonably fraudulent.
How to Avoid E-mail Fraud
There are some simple steps you can take to avoid becoming the victim of phishing scams:
- Be skeptical. Fraudulent emails can look like they come from a real bank and organization email address. If you have any doubts about an email that looks like it is from your bank or a reputable company, contact them before responding to ensure that it is legitimate. But do not use the toll-free number, email address or website address provided in the email: they may link you to the criminals rather than the bank. Use a phone number, email address or website address that you know is correct.
- NEVER send your personal, credit card or online account details through an email.
- NEVER send money, or give credit card or online account details to anyone you do not know and trust.
- Do not give out your personal, credit card or online account details over the phone without you made the call and the phone number came from a trusted source.
- Always enter your bank or organizations website using the website address (URL) that you know is accurate – use a bookmark link or type the address in yourself: NEVER follow a link in an email.
- Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
- Check your credit report at least once a year by contacting the Australian credit reporting agency Veda – Tel: 1300 762 207.
- If the email links to a website, check the website address carefully. It's easy to disguise a link to a site. Scammers often set up fake websites with very similar addresses (eg. Substituting similar-looking characters, so that paypal.com could be (and has been) spoofed as paypaI.com or paypa1.com. letter O within a URL.) The longer the URL, the easier it is to conceal the true destination address.
- Do NOT cut and paste a link from the message into your web browser – as mentioned above, phishers can make links look like they go one place, but that actually send you to a different site. Some scammers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a 'refund'. Because they use VoIP (Voice over Internet Protocol technology), the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card, or type in the web address yourself.
- NEVER enter your personal, credit card or online account information on a website that you are not certain is genuine.
- On the Internet, whenever entering personal information, ensure that you are using a secure website. Look for https: // rather than just http: // in the address bar of your Web browser as well as a closed padlock in the bottom right corner of your browser.
- Make sure that your computer is protected. Install anti-spam, anti-spyware and anti-virus software and make sure they are always up-to-date. You should also install a personal TWO-WAY firewall to act as a barrier to viruses and other external attacks and check for operating system patches and upgrades on a regular basis.
- Do NOT open suspicious or unsolicited emails (spam): delete them.
- Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
- Update your browser.
- NEVER use public computers to access private information. Internet kiosks at hotels and other businesses are convenient but often have Trojans and keyloggers installed that collect and transmit your information to the criminals.
What Should You Do If You Receive a Fraudulent E-mail?
If you suspect that you have received a hoax email, you should take the following action:
- Axiom suggests that you treat phishing emails as spam and delete the email immediately from your Inbox and Deleted Items folder without opening.
- Do NOT reply to the email, and do NOT click on any links in the email, or open any files attached to them. Never call a telephone number that you see in a spam email.
- Spam emails are a proven method for distributing viruses and other unwanted programs. If you have clicked on the link within the email, complete a full security scan of your computer (to check for computer viruses, trojans and spyware).
- If you have responded to any email by providing your confidential information, or believe you are a victim and have lost money as a result of phishing activities, please contact your financial institution and the local police immediately.
Criminals have learned that they do not need to pull a gun on you to get your wallet or purse. They're using the Internet to steal your money and identity! Take a few simple steps to stop them, and do not become an identity theft statistic.