An excellent article on phishing scams from HP Small & Medium Business
You’ve just received an email from the bank, telling you that there was an error in your favour in your last bank statement, and that you should “click here” to claim what’s owing to you.
Fantastic news! Isn’t it?
No: you’re about to become a victim of a type of cybercrime called “phishing”.
Baiting the hook
First given the name in 1996, “phishing” describes a scam which is designed to trick you into giving away your online passwords. The hook is often an e-mail from an apparently trustworthy source, with a link to a website that looks exactly like one you are familiar with. There you’ll be asked to provide details which would enable scammers to obtain money, take out credit card loans in your name or commit other crimes. And as soon as you’ve clicked on the link or opened the attachment, you’ve exposed yourself to computer viruses that can detect your keystrokes when you log on to your accounts.
Phishers are always coming up with new ways to target people or organisations; with smartphones and the use of social media on the rise, opportunities are ever greater for these attacks. “Vishers” (voice phishing) try to obtain information by phone; “smishers” send text messages (SMS); and spear phishers target corporate employees. All of them want to take your money; all are committing criminal acts.
These are all typical scams; people become victims every day.
So remember these three rules:
1. Check the URL.
If an email comes from your bank, look carefully at the URL.
First comes http:// or https://
Next comes the host name, for example xxbank.com
But check it carefully! Scammers often include your bank’s name in front of their own website name. For example, if your bank’s address is xxbank.com, a scammer called badbank.com might use xxbank.badbank.com, or even xxbank.com.badbank.com. They own the website “badbank.com”, so they can put whatever they want in front of it.
Something else to watch out for: sometimes, scammers insert hyperlinks to their own websites, hidden behind innocent-looking text. For example, the hyperlinked text says http://www.xxbank.com, but the actual hyperlink is to http://www.badbank.com. Again, the only sensible thing to do is NOT TO CLICK. Banks and other financial institutions do not send e-mails about important issues.
2. Don’t trust strange emails or phone calls.
Remember that banks, credit card issuers and similar institutions would never e-mail or phone customers with important information; they would send a letter. So no matter how pleasant or convincing the “bank employee” on the phone is, end the conversation quickly without giving any information. If you aren’t sure whether an e-mail or phone call is genuine, phone your bank yourself or write them a letter.
3. Use up-to-date software.
The best thing you can do: install the latest software to protect your computer from malware (malicious software).
Is it too late?
Once you’ve got your anti-virus software and personal firewall installed, you should be safe – but it’s still wise to remember what they told you when you were a child: “Don’t talk to strangers.” At least, don’t tell them your passwords.