According to the Mirriam-Webster Dictionary, phishing is “a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly”.
We’ve all received these types of emails, where our bank sends us an email advising us that there has been a problem with our account. They kindly provide us with a link we can click to log in and verify our account and rectify the issue. How convenient right? WRONG!! DO NOT click on this link! It is almost certainly a phishing scam.
If you were to click on the email link, you would be taken to a webpage that looks like your banking site, however, it is basically a simulation of the site, where the entire site has been copied and stored in another location. The webpage looks the same, and behaves in the same way (i.e. you have the same boxes to type your username and password into), however, once you submit your login details, you will often be presented with an error message and asked to click another link. This link will take you to the legitimate banking website, but it is too late. The hackers have already stolen your account information and within as little as 30 minutes, they will have used it to steal money or make purchases from your account. It is that easy!
Here are some tips on how to protect yourself from being a victim of phishing:
- If you don’t know the sender of the email – DO NOT click on any links within the message
- If you know the sender, but you did not request the information (e.g. a change to your password) – DO NOT click any links
- If you are unsure if the link is legitimate or not, hover your mouse over the link and look at the URL (web address) that pops up. Often, if the link is a scam, the URL will be a mishmash of letters, numbers and special characters, and the domain at the start of the URL will not match the sender’s domain
Tech Tip: This is a method called “Obfuscating”, where cyber criminals use a Data URI Scheme to create a URL that is intentionally confusing and allows data to be included within the web page address.
For examples of scam emails, refer to the FraudWatch International Phishing Alerts.
If you think you have been the victim of a scam, contact your bank by phone and ask them to freeze your accounts until you can identify what has happened.
IMPORTANT! Do not try to log in to your banking website, as your computer may have been compromised.
Phishing scams have been around for over a decade, and you would think that virus protection software would be sophisticated enough by now, to catch all of these scam emails. Unfortunately, hackers are getting cleverer by the minute too, and phishing emails are still a highly effective way for them to steal personal information. Financial Institutions take many precautions to try and protect their customers from these phishing scams, however, they cannot always stay ahead of the scammers.