Phishing is a special type of spam email, cleverly disguised in an attempt to steal your passwords and bank codes. Once the phishers have got those, they steal your money.
How does it work?
You receive a plausible-looking email from your bank, a regularly used retailer or Government department. These are sent at random in the hope they may just catch someone who has, for example, an account with that bank and thinks it is genuine. You'll usually realise it’s a con because you have no relationship with the company, but sometimes you may get caught.
At the bottom of the email, there'll be a link. Often it looks like a real one. When you click on it, it'll probably take you through to a professional-looking website – a mirror image of the real thing. You’ll comfortably put your password in – and then you can say bye-bye to your cash.
What can I do?
NEVER EVER EVER EVER click a link and enter your password - no matter how genuine it looks. If it looks a genuine security concern, call your bank or visit its published website address. If it's genuine you can handle it that way, just never click on these links.
What about phone calls?
These are likely to be more genuine. However, I would still suggest that as good practice, you should never give your Pin or password, or agree to transfer money to another account. Always call the bank back by its published number - that way, you'll know it is genuine.
In a more sophisticated approach, some fraudsters are now calling people pretending to be from their bank, and encouraging them to put the phone down and call the bank back.
The fraudster then waits on the line (so the call's not cut off) while you 'call the bank back', then proceed to get the information they want, while you think you're talking to your bank.
If you can, use a different phone (office, mobile) to the one you were called on to foil this. If you can't, leave some time before you call your bank back to try and ensure the fraudsters think you haven't fallen for it and hang up.
Mistaking the genuine for a scam is nowhere near as bad as mistaking a scam for the genuine
Examples of phishing
We receive phishing emails constantly, so thought we'd share a couple with you. These have NOTHING to do with the parent banks. I have slightly changed the links in them to prevent anyone clicking them in error.
Phish number one – The Invisible Text Phish
Run your mouse over the email and select it. You'll see invisible text appearing. The additional characters you can see in this help it beat some anti-spam software.
The technicaI2services of this BankNare carrying out a3planned software upgrade.
We earnestlyjask you9to visit the folIowingilink to start the procedureaof confirmation ofLcustomers'Hdata. Hea
lth in 1939https://web.da-us.citibank.com/Iogin.ref.XXXX1449/scripts/client_conf.jsp Mau I ask ThisRinstruction has beenxsent to allYbank customersEand is obIigatory to foIlow. NBA LycosWe0present ourDapologies and thankxyou forCco-operating.Will you, please...
in 1961 Pictures in 1910 may closeWorld War II in 1845The NFLin 1935 Pearl Harbor AnmemberSofRcitigroup
in 1978 in 2000 CopyrightG©R2004cCiticorp
Phish number two - The Earnest Approach
What we love about this one is it purports to be a genuine protective email aimed at stopping just this type of problem. Cunning devils.
Email address this seemed to come from: Citibank Email Security.
Underlying address it actually came from: Security-Alert@bank.alert.it.rd.yahooX.com
Dear Citibank Member,
This email was sent by the Citibank server to verify your email address and your identity. You must complete this process by clicking on the link below and verifying your Citibank account.
Citibank will test your identity due to latest security check.
Some of our clients recived calls from individuals pretending to be Citibank.
Tip of the day:
If you receive a suspicious phone inquiry, like one asking you to verify personal information, don't provide any information and call us right away.
In order to verify your account please click on the link below !
Phish number three– The Enticing Attachment
A final type of phishing email to watch out for is one including an attachment, often a '.htm' or '.html' file. The sender will be trying to convince you to click and open this file, as the virus is hidden inside.
One example's an email, saying you've received a court summons. It gives you times and dates, and then asks you to download the official summons document. This'll be a zip file, that has a malware contained within it. Read more about this scam at ActionFraud.
These emails will be designed to invoke panic - your account's being shut down, you have to appear in court, and others. Before opening any emails like this, take a few breaths - is it genuine? Would a bank or court really just drop you an email with this information. Is there anyone at the bank or court you can call to find out INSTEAD of opening the email?
The solution is simple, but it's so important it's worth shouting LOUD...
Never ever ever ever EVER open an attachment unless you are 100% sure of its contents. EVER.
A final thought
Phishing emails can appear to come from any bank or building society, or financial organisation for that matter, such as HM Revenue & Customs. They are extremely cleverly done. Look at the above, it's very easy to be fooled.
Just follow the golden rule. Never click a banking/financial link in an email. Always go to the published website address yourself.
These people are scum, but clever scum. Protect yourself.
Test your knowledge