Phish or No Phish?
Can you spot the differences between a real site and a phishing site?
Test your skills and improve your knowledge by taking this short quiz brought to you by Verisign.
Bank online safely
Avoid the risk of identity theft and protect your bank details
Banking online is very convenient but you have to protect your password and personal details so criminals can’t access your account in your name.
Risks
- Phishing, which means being tricked into disclosing your password and details to online criminals.
- Identity theft caused by viruses or spyware, giving criminals access to your bank account and other personal information stored on your computer.
For an example and explanation of how these risks can relate to real life situations, read the e-crime stories on this page.
Don’t be fooled by impostors
One of the biggest risks in banking online is identity theft. Fraudsters send out emails that look like they come from banks (or other trusted organisations) and which contain links to fake websites which also resemble the real thing. Phishing scams are like a fake cashpoint machine that looks like the real thing.
- Be wary of phishing emails. These may appear to be from your bank but are really from criminals trying to lure you to a fake website to get your personal information (see Avoid fake websites).
- Banks will never send you emails asking you to disclose PIN numbers, passwords or other personal information or which link to a page that asks you for this kind of information. Banks will normally use your actual name in the email, not Sir or Madam and include a recognisable reference such as part of your account number or address. If you click on a link in an email that takes you to a page that requires a password or personal information, it is very likely to be a scam.
- Always make sure you are using a secure internet connection to connect to your bank. Look for ‘https’ at the beginning of the address and the padlock symbol (See Learn about secure web pages).
- Although many trusted organisations do send emails containing legitimate links (for example to websites that contain more information on a given subject), always be careful when clicking on them. It is better to enter your bank's address into your web browser directly or use a bookmark that you created using the correct address.
- If you believe your details may have been compromised in some way, always contact the bank (See Undo identity theft).
Make sure your computer is secure
Because criminals can get your passwords and personal information using viruses or spyware, it is vital that your computer is as secure as possible. Follow the advice on this site, in particular:
Use common sense
- If you are unsure of whether an email seeming to have been sent from your bank is genuine, then you should contact your bank by other means to check.
- Learn your password and PIN. Destroy any written record as soon as you can.
- Don’t write down your password or PIN.
- Use different passwords for bank and credit card sites. Don't use the same password for every website.
- Use strong passwords.
- Be careful when using public computers to access your bank (see Use public computers carefully).
- Be aware of people looking over your shoulder (shoulder surfing) when you are entering in your details and logging on.
- Never give your personal security details, such as account number or PIN number, to someone you don't trust.
- Don’t fall for money-laundering scams. Be wary of any ‘business opportunity’ that involves receiving or holding money for strangers.
- A good source for further information, including information about known frauds, is your own bank's website.
Keep tabs on your money
- If you spot any unusual transactions in your statement, report them immediately.
More information
- The UK banking industry's Bank Safe Online website.
- The global Anti-phishing Working Group.
- The Home Office's Identity Theft website.
E-Crime Stories
Banking E-Crime
For several years Andy has been using his laptop to catch-up on emails and Facebook, browse the web for deals, and shop and bank online. One day he decides to replace his laptop for a faster model. Andy is thrilled with his new toy and after using an external hard drive to copy his files over to the new laptop eventually drops his old one at the local dump for re-cycling.
Andy never knows that his old laptop then changes hands several times until bought by a fraudster who can access the hard disk and extract all Andy’s personal information and details, even passwords. Criminals use this information directly or even try and befriend Andy through the various social networking sites. The criminal, now friends with Andy, starts sending him jokes, pictures and video clips.
What Andy doesn’t know is that some of those files he’s sharing are Trojans containing spyware. This allows them to copy Andy’s bank details from over the internet. Using all the information he has gathered, the criminals now impersonate their victims, accessing bank accounts, ordering credit cards and using these for buying goods online. Andy has now become the latest victim of identity theft.
Andy never knows that his old laptop then changes hands several times until bought by a fraudster who can access the hard disk and extract all Andy’s personal information and details, even passwords. Criminals use this information directly or even try and befriend Andy through the various social networking sites. The criminal, now friends with Andy, starts sending him jokes, pictures and video clips.
What Andy doesn’t know is that some of those files he’s sharing are Trojans containing spyware. This allows them to copy Andy’s bank details from over the internet. Using all the information he has gathered, the criminals now impersonate their victims, accessing bank accounts, ordering credit cards and using these for buying goods online. Andy has now become the latest victim of identity theft.
Phishing Scam
Andy logs onto his laptop computer to check his emails. He has received an email from his bank asking for him to click a link to update his user details. Andy, not realising that the email was a fake, clicks the link which then directs him to an external website that looks identical to the banking site that he usually uses. Andy hadn’t noticed that the secure padlock symbol that usually appears in his browser window and tells him that the page is genuine, was missing.
The site he is now on has been created by a cyber-criminal in order to collect his information. After clicking the link, Andy is presented with a “genuine looking” banking site with the standard input boxes such as, Name and Address, D.O.B, Email, Username and Password. Once Andy enters his data he gets re-directed to the actual website and is none the wiser that the identity theft has taken place.
|
|