Fraudsters drop their bait into the murky waters of the internet to see who will bite…. Phishing the name given to sending a trick email to get hold of your passwords, usernames, credit card details and other personal information that you use for online payments or banking. This type of fraud is most commonly done by email but sometimes by text message, or telephone.
How do they phish?
Phishing emails mimic ones that at first glance could come from your bank or perhaps PayPal or HMRC for example, and they will say that their computer system has detected some kind of threat to your account and that you therefore need to confirm, update or verify your details urgently otherwise your account will be closed in a matter of days. There will be a link to a website where you can enter these details as requested, and this is the danger – the link takes you to the fraudster’s own website, designed to look like the real bank’s website, where they will collect your account details. The next time you look, your account will be empty.
Giveaway signs of a phishing email
- The email will address you as Dear Customer rather than by your name. There may be several email addresses as well as yours in the ‘To’ line.
- The message is designed to alarm you with a threat to your account unless you give them information quickly.
- You will be asked for personal information – date of birth, password, PIN number, security code etc.
- The link in the message might well have the real company logo and even the company name in the URL address but it is possible for phishers to create a fake URL that does contain a legitimate name in it but with other words, http://www.barclays.confirmdetails.co.uk, or misspell a legitimate name just slightly to http://www.barlcays.co.uk. Note that if you are supposed to enter personal details on any legitimate website the address of that webpage will begin with the secure https prefix not just http.
- Look out for grammatical mistakes or sloppy spelling in the email.
What to do if you get a phishing email
If you think it might possibly be a genuine message do not log into your account by using the link sent to you in the email – type in the web address you usually use yourself and navigate from there to your account. A genuine message will also be waiting for you in the genuine website.
Banks or other financial institutions will NEVER ask you to verify your personal information by clicking on a link in an email.
Forward the email to your bank and report it to Action Fraud at www.actionfraud.police.uk That way, it can be investigated with other bogus messages.
Do not click on a link from a strange email, and do not open an attachment sent with a strange email in case it contains a virus that could damage your computer or steal information.
Phishing by phone
Beware phone calls alerting you to a security problem with your account and asking for similar information, or for you to give your bank card and PIN number to a courier. Never give out personal information over the phone unless you have found the number and dialled it yourself. Your bank will never ask for your PIN number, so don’t give it to anyone else either.
Phishing by text message
These may ask you to telephone your bank on a number they give you to verify, confirm or update your account details – again, never give out personal information over the phone unless you have found the number and dialled it yourself.
If you think you might have been the victim of phishing please contact us by completing the form below;