
Gone Phishing!

By 123 Reg - July 6, 2007

“Phishing scams” are a way for cyber criminals to steal confidential information and potentially your identity. Scammers will send out thousands of emails pretending to be credit card companies, banks, online auction sites and other organisations.

Phishing emails will normally contain a highly emotive or technical reason why you should visit their site, for example “update your password or your account will be suspended”. A lot of people will just click the link without thinking about it. They will be taken to a site that looks very like the official one; however, it is a fake designed to entice them into entering personal information such as a username and password or a credit card number.

How to spot a phishing mail

It is remarkably easy to make an email from one person look like it has come from someone different. Here are some simple tips to help you to spot a phishing mail.

  • They ask for personal information such as username, password or credit card number; your bank would never do this.
  • The email address that it has been sent from does not exactly match the organisation’s website.
  • The email has been sent from a free mail system, such as Hotmail or Gmail.
  • They address you as “Dear customer” or some other non-specific greeting, rather than by your name.
  • They will try to create a sense of urgency, for example “respond now or your account will be suspended”.
  • The link in the email does not quite match up with the organisation’s; even one character out and you will be sent off to another website.
  • You were not expecting to get an email from that organisation.
  • The email contains only images, including the text of the mail; this image is one big hyperlink that will take you to the fake site.
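
Several of the checks in the list above can be automated, for example in a mail filter. The following is an added example, not code from 123 Reg: the function names, the phrase patterns and the sample mail are assumptions made for illustration, and the domains are reserved test names. Because the sender address can be forged, treat the result as a set of warning signs rather than proof.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREE_MAIL = {"hotmail.com", "gmail.com"}  # the free mail systems the list names
PHRASES = {"generic greeting": r"\bdear (customer|user|member)\b",
           "urgency": r"\b(respond now|suspended)\b"}  # assumed wordings
DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SAMPLE = ('"Your Bank" <accounts@hotmail.com>',  # constructed mail, not a real one
          '<p>Dear customer, respond now or your account will be suspended.</p>'
          '<a href="http://www.bamk.example/login">www.bank.example</a>')

class Body(HTMLParser):  # collects the visible text and [href, label] per link
    def __init__(self):
        super().__init__()
        self.text, self.links, self.in_link = "", [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_endtag(self, tag):
        self.in_link = self.in_link and tag != "a"
    def handle_data(self, data):
        self.text += data + " "
        if self.in_link:
            self.links[-1][1] += data

def within(host, domain):  # host is the domain itself or a subdomain of it
    return bool(host) and (host == domain or host.endswith("." + domain))

def phishing_indicators(from_header, html_body, org_domain):
    """Return the warning signs from the checklist that this mail trips."""
    hits = []
    sender = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if sender in FREE_MAIL:
        hits.append("free mail sender")
    elif not within(sender, org_domain):
        hits.append("sender domain mismatch")
    body = Body()
    body.feed(html_body)
    hits += [name for name, rx in PHRASES.items() if re.search(rx, body.text, re.I)]
    for href, label in body.links:
        host = urlparse(href).hostname  # lower-cased by urlparse, None if absent
        if not within(host, org_domain):
            hits.append("link leaves organisation domain")
        shown = DOMAIN.search(label)  # a domain displayed as the link text
        if shown and not within(host, shown.group().lower().removeprefix("www.")):
            hits.append("link text does not match destination")
    return hits
```

Calling `phishing_indicators(*SAMPLE, "bank.example")` reports all five signs for the constructed mail, whose link is one character out (`bamk` for `bank`).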

How to spot a fake website

Most modern web browsers have automatic filters that can help to detect fake websites; Mozilla Firefox 2 and Internet Explorer 7 are two examples and can be downloaded for free. They’re not always 100% successful, so here are a few tips to help spot fake sites:

  • Use your instincts; if it looks even slightly wrong then it probably is fake.
  • The website address is slightly different to the organisation’s regular address.
  • There is no padlock shown in your browser to show that it is a secure connection.
  • They are requesting personal information such as username, password or other details in FULL when you are normally only asked for some details.
  • Right-clicking on a hyperlink and selecting properties should reveal the link’s true destination.

Ways you can protect yourself

  • Never click on a link embedded in an email; always type the web address directly into your browser.
  • Use a spam filter such as the email defence; this will block many of the fake mails.
  • Don’t give out personal information unless you initiated the contact and you are sure you know who you’re dealing with.
  • If in doubt, contact the bank or website owner directly by telephone or email before proceeding.

For more information on this problem, the UK banking industry has produced this guide to safe online banking.