Spam, scams and shams... Phishing
A guide to understanding Phishing
Author: Tina Landers
Phishing (pronounced fishing) is one of the many forms of
identity theft prevalent these days. While the term typically
refers to computer-based scams, phishing is also increasingly
being used in telephone scams.
The word phishing is believed to be a derivative of the word
fishing and is used in the same context as "fishing for
information". Like fishing, phishing uses various "lures" to
"hook" its victims.
Phishing, in the computer technology context, is usually
instigated via an "official" email (from the
recipient's bank, PayPal, or any of the dozens of sites
that they may conduct online business with) directing the
recipient to a website which looks and feels like the
"official" website. At the fake website, the recipient is asked
for their login and password (as they would be at the real site).
Those details are then captured by the scammers and used
to gain access to the recipient's account at the real site. In
some phishing scams, email recipients are asked to "confirm"
all sorts of details - date of birth, social security number,
account number/s, login and password details, credit card
numbers and details, etc. The fake sites that they are directed
to are so legitimate-looking that unsuspecting victims
have "given away" all sorts of details about themselves,
providing the scammers with information and access to their
life's savings. It's not a difficult trap to fall into - many
"knowledgeable" individuals have fallen prey to phishing
scams.
A phishing email may read something like this one which
I received last week:
|
Dear Royal Bank of
Scotland customer,
As part of our ongoing
committment to the highest standards of
customer security and our security procedures,
you are required to confirm your account
details by completing our Digital Banking
Customer Confirmation Form (CCF) by selcting
the the link below:
http://sessionid-41869.rbs.co.uk/customerdirectory/direct/ccf.aspx
Please note that if you
do not confirm your account details within
seven days, your account may cease to function,
in which case you will be required to
reactivate your account by presenting
appropriate identification and residential
details at our Head Office.
We trust you will
understand this minor inconvenience
which directly benefits all our
customers.
Thank you for choosing
Royal Bank of Scotland
***This is an automated
email from Royal Bank of Scotland Customer
Service. Please do not respond to this
email.***
|
Firstly, I am not a customer of the Royal Bank of Scotland,
so I promptly ignored it.
Secondly, even if I were an RBS customer, I would
immediately have been suspicious of the email for a number of
reasons: I would not have expected the Bank to contact me
this way; I would expect them to address me by my
name; I would not expect my Bank to ask me to identify
myself over the Internet; I would not expect them to attempt to
scare me with the "within seven days" phrase; I would not
expect them to make me go out of my way to get to their Head
Office when my local branch was far more convenient; I would
expect some form of contact details if I had any questions; I
would expect the options to be detailed in case I was not
comfortable confirming my details electronically; and I would
expect the address details (the http:// section) to be
less suspicious!
OK, so this one was obvious and, by the time I tried the
link, it had been removed. But think how many innocent people
may have been fooled into parting with their details. It's
downright scary!
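The red flags listed above can be turned into a simple triage check for incoming mail. The following is an added example, not part of the original article: the rule names and patterns are illustrative assumptions, and the sample text is a shortened excerpt of the email quoted above.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: shortened excerpt of the email quoted in this article.
SAMPLE = """Dear Royal Bank of Scotland customer,
you are required to confirm your account details by completing our
Digital Banking Customer Confirmation Form (CCF):
http://sessionid-41869.rbs.co.uk/customerdirectory/direct/ccf.aspx
Please note that if you do not confirm your account details within
seven days, your account may cease to function.
***This is an automated email. Please do not respond to this email.***"""

# (flag name, pattern) pairs applied to lower-cased, whitespace-flattened text.
TEXT_RULES = [
    ("generic_greeting", r"^dear\s+[^,]{0,60}\b(customer|member|user|client)\b"),
    ("asks_to_confirm_details", r"\bconfirm\b.{0,40}\b(account|details|password|card)\b"),
    ("deadline_threat", r"\bwithin\s+(\w+\s+)?(hours?|days?)\b"),
    ("no_reply_channel", r"\bdo not (respond|reply)\b"),
]

def url_flags(url):
    """Return red flags for one link, judged only on its own structure."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme != "https":
        flags.append("link_not_https")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        flags.append("ip_address_host")
    # Leftmost host label that looks machine-generated, e.g. "sessionid-41869".
    if re.search(r"\d{4,}", host.split(".")[0]):
        flags.append("numeric_subdomain_label")
    if "@" in parts.netloc:
        flags.append("userinfo_in_url")
    return flags

def red_flags(message):
    """Return the sorted red flags found in a plain-text message."""
    text = " ".join(message.lower().split())
    found = {name for name, pat in TEXT_RULES if re.search(pat, text)}
    for url in re.findall(r"https?://[^\s<>\"']+", message):
        found.update(url_flags(url))
    return sorted(found)

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

A message that raises none of these flags is not thereby proven genuine; the check only surfaces the cues described above so that a suspicious message gets a closer look.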
Not all phishing scams are so easily identified, though.
Expert scammers have gone to enormous lengths to look
genuine, even to the point of copying the content of the official
website into their fake website. Some have even managed to
disguise the website address (the http:// address) so that it
looks like the real thing.
Web browser and security software developers are attempting
to combat phishing by identifying and warning users about
suspicious websites and disguised website names. But, as
you would expect, it is a cat-and-mouse game trying to
stay one step ahead of the scammers.
There have been many reports lately about telephone
phishing. Telephone phishing scams involve a call from someone
who claims to be from some financial institution where you
conduct your business. As part of the process, they ask you
to "identify" yourself so that they can confirm they're
speaking to the right person. You may be asked to "confirm"
your date of birth, mother's maiden name, etc. before they move
on to asking you to "confirm" your account number, credit
card number, or other forms of information that you should not
part with.
If you receive an email or telephone call that arouses your
suspicion, you are perfectly within your rights to say that
you do not want to divulge any personal information and that
you will visit or contact a local branch of the institution as
soon as you can. Genuine financial institutions do not ask you
to "identify" yourself electronically any more. If in doubt,
visit or call your financial institution. Do not click on
any "links" to their sites. Re-open your web browser
and navigate to their site as you normally would.