Phishing… An Increasingly Prevalent Fraudulent Scam in the UK and Abroad.
Phishing UK
You may have heard the word phishing, in connection with stories in the media about fraud committed over the Internet. This is a very prevalent fraudulent scheme in the UK and abroad, that uses e-mail spam or pop-up messages to deceive you into revealing your credit card numbers, bank account information, social security number, passwords, or other sensitive information.
The number and sophistication of phishing scams sent out to consumers is continuing to increase dramatically.
The fraudsters send an e-mail or pop-up message that claims to be from a business or company that you deal with, for example; your bank, an online payment service, your Internet service provider (ISP), or even a government department.
The message usually informs you that you need to re-register re-activate your account, or confirm personal information. It might threaten some serious consequence if you don’t reply.
These e-mail scams are typically NOT personalised, while valid messages from your bank or E-commerce company generally are.
The message directs you to a Web site that looks just like your legitimate organisation’s site, but it is false. The purpose of the fake site is to trick you into divulging your personal information, so that criminals can steal your identity and transfer money out of your accounts, or even commit crimes in your name.
How You Can Avoid Getting Hooked by a Phishing Scam Financial Institutions and consumer protection agencies, provide guidelines to help you avoid this scam as follows:-
- If you get an e-mail or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don’t ask for this information via e-mail. If you are suspicious, contact the organisation named in the e-mail using a telephone contact number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address. In any case, never cut and paste the link provided in the message.
- Never use e-mail to pass on personal or financial information. E-mail is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organisation’s Web site, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a web-site that begins “https:” (the “s” stands for “secure”).Unfortunately, no indicator is foolproof; some phishers have forged security icons.
- Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorised charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
- Use anti-virus software and keep it up to date. Some phishing e-mails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files.
- Consider installing a Web browser tool bar, which helps protect you from known phishing fraud web-sites. EarthLink ScamBlocker is part of a free browser toolbar that alerts you before you visit a page that’s on Earthlink’s list of known fraudulent phisher Web sites.
Its free to all Internet users – download at- http://www.earthlink.net/earthlinktoolbar
- Ensure that your browser is up to date and security patches applied – in particular, people who use Microsoft Internet Explorer.
- A firewall helps make you invisible on the Internet and blocks all communications from unauthorised sources. It’s especially important to run a firewall if you have a broadband connection.
- Be cautious about opening any attachment or downloading any files from e-mails you receive, regardless of who sent them.
Always report phishing or e-mail scams to the following groups:-
Forward the email to reportphishing@antiphishing.com
Report it to- reports@banksafeonline.org.uk
Forward the email to the “abuse” email address of the company that is being faked (e.g. “spoof@ebay.com”). When forwarding spoofed messages, always include the entire original email with its original header information intact.
What to do if you Have Already Responded to a Phishing Scam Report the incident. If you feel your personal information has been compromised or stolen, immediately report the circumstances to the following authorities:-
You’re Local Police.
Your credit card company, if you have given your credit card information. This should be your first step. The sooner an organisation knows your account may have been compromised, the easier it will be for them to help protect you.
The company that you suspect was faked – remember to contact the organisation directly, not via the e-mail message you received.
Most ISP’s are now doing there bit to identify and block Phisher Web sites – this is very welcome news!