Gone Phishing? How to spot the bait and avoid being caught

For many of us, online banking has dramatically changed the way in which we manage our personal finances. We can now avoid wasting countless lunch breaks queuing at the local branch to deal with payments and withdrawals, in favour of a quick, convenient 24-hour banking service.

Unfortunately, the world of online banking has opened the door for fraudsters looking to procure our most personal details.

One of the biggest concerns since the advent of online banking has been the emergence of a scam known as “phishing”.

Imagine the scene. A man walks up to you in the street and claims to be from your local bank. He doesn’t know your name but he does know that he needs to confirm your address details, account number and PIN. Would you trust him?

Whilst it sounds completely absurd, that’s exactly what happens with a phishing attack. The difference being that the man asking for your details doesn’t approach you in the street, he approaches your email inbox.

The scam works when a fraudster distributes emails which are designed to look like they have been sent from a major bank or building society (although the scam can be applied to any online business), claiming that you need to update or confirm your account information. The email will be designed to look like the bank’s website, the email address will appear to have come from the bank, and there will be a link included in the text which, when clicked, will take you to a website which will also look distinctly like your bank’s official site.

That is where the scam develops. The link you have clicked on may look like it takes you to your bank’s official site, but it is in fact just an imitation.

You will be told once again that your details need to be confirmed and so you fill in the relevant information. It is at this point where the fraudster obtains your information and is free to do with it what he wants, which usually involves emptying your account.

Whilst the whole process sounds incredibly complex, there are various ways in which you can protect yourself from such scams; some obvious, some more discreet.

Let’s start with the obvious.

Firstly, make sure that you install internet security software or antivirus software which includes an email scanner. This will prevent many phishing attacks from reaching your inbox in the first place.

If, however, a phishing email manages to get through, ask yourself a few questions.

  • Why is the bank emailing you?
  • What has changed in your account to make them doubt your personal details?
  • If they normally contact you by post, why have they used email this time?

If the answers to these questions don’t seem to stack up, it’s highly likely that it’s a scam.

It is worth remembering that banks will rarely contact you by email. Most banks now have a messaging system integrated in their online banking service which will be their primary source of electronic communication.

Stop Press: UK customers of the now-defunct savings bank Icesave may be receiving an official email from the bank and/or the FSA regarding their accounts. Be extra vigilant when acting on these and follow the best practice steps in this guide.

Also remember that a bank will never ask you to confirm PINs, account numbers, national insurance or social security numbers, or CVV numbers in an email.

If you are genuinely unsure as to your account details, do not click the link. Instead, open up your browser and manually type in the URL of your online banking service. If there are any concerns, your bank will have left a message for you.

Those are the obvious things to look for but there are other, less overt, tell-tale signs that an email may not be what it seems.

Firstly, your bank knows who you are, so why would they refer to you as “Dear Customer”? Unless the email refers to you by name, delete it.

Secondly, check the address and URL. Whilst it might appear to be from your bank, be suspicious if either does not match exactly with what you would normally type into your browser. Whilst your bank’s official URL may be yourbank.com, scammers often use variations such as your-bank.com, yourbank-uk.com, or even just subtle misspellings – all a tell-tale sign that the email hasn’t come from where it’s claiming to have come from.
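The address check described above can be automated. The following is an added example, not part of the original article: it treats `yourbank.com` (the article's placeholder) as the official domain, and the function names, sample links and edit-distance threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

TRUSTED = "yourbank.com"  # the article's placeholder for the bank's official domain


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used here to catch subtle misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_link(url: str, trusted: str = TRUSTED) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for the host named in url."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Only the exact domain, or a subdomain of it, counts as the bank.
    if host == trusted or host.endswith("." + trusted):
        return "official"
    brand = trusted.split(".")[0]  # "yourbank"
    # Ignore hyphens so your-bank.com and yourbank-uk.com reduce to the brand.
    labels = [label.replace("-", "") for label in host.split(".")]
    if any(brand in label for label in labels):
        return "lookalike"
    # A label within two edits of the brand is treated as a misspelling.
    # Assumption: this threshold suits a brand of this length; shorter
    # names need a tighter one to avoid false alarms.
    if any(0 < edit_distance(label, brand) <= 2 for label in labels):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links: the article's variations plus one misspelling.
    for link in ("https://www.yourbank.com/login",
                 "http://your-bank.com/update",
                 "http://yourbank-uk.com/confirm",
                 "http://yourbamk.com/secure",
                 "https://example.org/news"):
        print(f"{classify_link(link):10} {link}")
```

A "lookalike" result is the case the paragraph above warns about: the name resembles the bank's, but the domain is not the one you would normally type.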

If you do feel that you have been the victim of an attack, contact your bank immediately. There are systems in place to deal with these and you should be compensated for any losses from your account.
