


Title: Phishing Emails
Description: All part of advice.


I love MJNet - August 27, 2007 04:46 PM (GMT)
Technophobe - help and advice for your time online.

We already have some topics as help for members (see http://z4.invisionfree.com/Mandana_Jones_N...hp?showtopic=42 for more details on other aspects of your time online).

In this thread we are going to look at the issue of Phishing Emails.

What is Phishing?

Phishing refers to emails that are used to persuade you to disclose private information that can be used to steal money from you.

Various techniques are used to persuade you to click on a link contained in the email, or to visit a site. When you do you will be required to enter sensitive information such as a user name and password or banking details. These emails always appear to come from genuine well-known companies such as banks, building societies, PayPal, Ebay etc., and the bogus sites that you visit when you click on the link will have been designed to look genuine.

Many people who click on links from these emails have no idea they are not genuine!

Examples of Phishing Emails

Here are some good examples of these scam emails. You can see how some of them are incredibly convincing.

This is just a very small selection of the hundreds of scam emails currently circulating. I've included them to give you an idea of how genuine they can look these days. Remember you also get genuine looking images and logos which make these emails seem even more convincing.

Amazon

Amazon is committed to maintaining a safe environment for its community of customers. To protect the security of your account, Amazon employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the Amazon system for unusual activity.

We are contacting you to inform you that our Account Review Team identified some unusual activity in your account. In accordance with Amazon's User Agreement and to ensure that your account has not been compromised, access to your account was limited. Your account access will remain limited until this issue has been resolved.

To secure your account and quickly restore full access, we may require some additional information from you for the following reason:

We have been notified that a card associated with your account has been reported as lost or stolen, or that there were additional problems with your card.


This process is mandatory, and if not completed within the nearest time your account or credit card may be subject for temporary suspension.

To securely confirm your Amazon information please click on the link bellow:

https:// www.amazon.com/cgi-bin/webscr?cmd=login-run *note none of these links are active and please do not copy them into your browser's window since they are from genuine phishing emails!*

We encourage you to log in and perform the steps necessary to restore your account access as soon as possible. Allowing your account access to remain limited for an extended period of time may result in further limitations on the use of your account and possible account closure.

For more information about how to protect your account please visit Amazon Security Center. We apologize for any inconvenience this may cause, and we apriciate your assistance in helping us to maintain the integrity of the entire Amazon system.

Thank you for using Amazon!
The Amazon Team


Barclays Bank


Dear Barclays Customer,

We Hereby notify you that Your Account has been suspended due to unauthorised activities we noticed going on in your account. Due to this we advice you to VERIFY your account to clearify you as the legitimate owner of this barclays online account by clicking the following link.

https:// activate.barclays.co.uk/olb/p/LoginMember.do

Note: you will be asked to provide the following details :
1 Surname
2 Membership number
3 Five-digit passcode
4 memorable word.

At Barclays we strive to ensure the safety of our coustmers and maintain our high quality standard.


Security Department
Barclays Bank PLC.

Please do not reply to this e-mail. Mail sent to this address cannot be answered.
For assistance, log in to your Barclays Online Bank account and choose the "Help" link on any page.

Barclays Email ID # 1009


Notice the way it is warning you about scam emails that are asking for your details ... and then does exactly what it is warning you about.

(It is also worth noting that the address that appears to be: https:// update.barclays.co.uk/olb/p/LoginMember.do is actually something completely different and starts with http:// - signifying that it is not actually a secure site at all)

How to spot a Phishing email

Unfortunately there's no specific thing that will tell you whether a particular email is genuine or a scam. However, there are indicators to look out for:

* Asking for sensitive information
This type of scam is so well known now that no genuine company will ever send an email asking for you to click on a link to supply sensitive information or verify account details. If you get an email asking you to do so you can almost guarantee that it's a scam!

* Who's the email addressed to?
If you have an account with a company that holds your financial details, then they certainly know your name. If the email isn't addressed specifically to you (e.g. the ones above are all 'Dear account holder' or something similar) then this can be a dead giveaway that the email isn't genuine. But please note that I have heard reports of some Phishing scams that do address the email to you, so while this is a good indicator you should consider it in relation to others.

* Grammar and Spelling
When Phishing emails first appeared they contained extremely bad English and were often full of spelling mistakes. Unfortunately, as these scams have become more sophisticated so too has their use of the English language. If you study the emails above you will find that there are some glaring spelling errors and the language often seems not quite right.

* Scare Tactics
Most Phishing emails include a message that is intended to scare you into following their instructions. Often they tell you that there is unauthorised activity on your account or someone is using your credit card without your knowledge.

* Deadline
Another trick they often use is to give you a deadline - give us your details immediately or your account/credit card etc. will be disabled.

* Links
Often the links don't match the real site's website address in any way. Most obvious is when you hover over and it has a number listed instead of a website address. For example http:// 206.86.9.00/login.php

Tips to help avoid these dangers.

There's only one way to be absolutely sure that you don't get scammed by one of these emails, and this is a rule that I always follow:

NEVER click on a link in an email that is asking you to provide sensitive information or verify account details, no matter how authentic you think the email is!

* If you think the email might be genuine, log into the website yourself NOT via the link in the email, and contact the business involved, explaining your concerns. Any genuine business would rather you were protecting your interests by doing this rather than you finding out you've had information taken and used against you.

* Always check that when you visit a site requesting sensitive information it's a secure site.

A secure site will always have an address that starts with https:// (normal sites begin with http://).

Secure sites will also have a padlock icon in the status bar at the bottom right of the browser window.

* If you receive an email that says it's from PayPal, forward it to spoof@paypal.co.uk and wait for a response before you do anything else with the email.

* If you receive an email that says it's from Ebay, forward it to spoof@ebay.co.uk and wait for a response before you do anything else with the email.

What to do if you've been caught out

If you think that you've been caught out by one of these scams, and may have given away sensitive information, here's my advice as to what you should do:

* Immediately change your account information - especially the password.
* If you can check who has visited your account, or whether there has been any unauthorised activity, then do so.
* Inform the company/bank that you have the account with that you suspect you have been the victim of a phishing scam and follow their advice.
* If you think your credit card or bank account details have been compromised you should notify your bank or credit card company so that they are aware, and again follow any advice given.

So the golden rule is - never click on a link! Always type the address in yourself if you aren't sure - and check with customer service!



