Monday, June 15, 2009
Don't Be The Catch of The Day - Avoiding Phishing Scams
(Note: This is an extended version of our article from the June 2009 Newsletter)
Phishing (pronounced “fishing”) emails and websites are created in order to trick you into divulging confidential information, like passwords, bank account information or credit card numbers.
The most common type of phishing scam is an email with a link to a website that looks like the genuine article but is only pretending to be the real thing, in order to trick you into entering your real username and password. This is how much of the credit card and bank account information stolen online is obtained.
The most recent phishing scam, which started by targeting the Commonwealth Bank and then moved on to other banks, was a step up from what we have seen in the past, with vastly improved English and a number of clever psychological tricks to make a person feel compelled to act quickly. Some of the most effective messages claimed to be a “Security Alert” or claimed that your account had been compromised. Other emails used topics such as “There has been an error in an online transaction. Please log into your account via this link to verify the transaction.”
The whole purpose of a phishing attack is to get you to click the link.
From here, one or possibly both of the following will occur:
- The link will take you to a webpage that looks quite similar or even identical to the login page of whatever banking site you use, with a field for your username and password. Once you have typed in your details, they are sent to the scammers and recorded so that they can log into your real account and steal your money.
- The fake website will install malicious software on your computer.
Because of this, as a general rule, banks and financial institutions will never send you emails with direct links to a login page (and if they ever do perhaps you should move your money to another bank).
You always need to be vigilant about links in emails, simply because it is so easy to make fake emails that look like the genuine article. If you receive an email from a site you signed up to, or you went to a site and asked to have your password reset, then those links are probably okay. If an unexpected email arrives asking you to log in to a system, then you should treat it with a great deal of suspicion.
So if you ever receive an email claiming to be from the bank asking you to “Click this link,” or “Click here to enter your financial details,” or “Login here to verify your account,” treat it with a great deal of suspicion. If you are still not sure, call the organisation that claims to have sent the email. Alternatively, if you know how to log in to the page, open your browser and navigate there yourself. Don’t click the link in the email.
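The advice above can also be checked mechanically. As an added example (not part of the original article), the following Python parses the links in an HTML email body and flags any whose visible text names a different host than the link's real destination, or whose destination is not one of your bank's known domains. The sample email body and the domain example-bank.com.au are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a "Security Alert" lure whose visible link text shows the
# bank's address while the real href points somewhere else entirely.
SAMPLE_EMAIL_HTML = """
<p>Security Alert: your account has been compromised.</p>
<p><a href="http://203.0.113.7/netbank/login">https://www.example-bank.com.au/netbank</a></p>
<p>Questions? Visit <a href="https://www.example-bank.com.au/help">www.example-bank.com.au/help</a></p>
"""

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    """Hostname of a URL, also for bare 'www.example.com/path' text with no scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def suspicious_links(html, trusted_domains):
    """Return (href, reason) for each link whose visible text names a different
    host than the real destination, or whose destination is not a trusted domain."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = _host(href)
        # Only treat the visible text as a host if it looks like a domain name.
        shown = _host(text) if re.search(r"[a-z0-9-]+\.[a-z]{2,}", text, re.I) else ""
        if shown and shown != real:
            findings.append((href, f"text shows {shown!r} but link goes to {real!r}"))
        elif not any(real == d or real.endswith("." + d) for d in trusted_domains):
            findings.append((href, f"destination {real!r} is not a trusted domain"))
    return findings
```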