Phishing scams are considered to be the most commonly used method of identity theft.
Phishing, carding or spoofing refers to a criminal practice where a fraudster will send an email claiming to be from a bank or other legitimate organisation.
They’ll then ask you for your personal details including your account details, giving them access to your account and everything in it.
Phishing scams are typically carried out via email, but you can also be targeted through social networks, forums, or anywhere else you can receive messages. Whatever the case may be, hacking is not needed because you are the one who willingly provides the information to the scammer.
Here are some ways to identify phishing emails and stay protected.
Identifying an email phishing scam
1. You receive an email asking for details such as:
- Your name and address
- The password or PIN for your account
- Your bank account number
- Your credit card/debit card number
- Your card validation code (known as a CVC or CVV)
Most banks and organisations will never ask for your details through an email, so if you're being asked for them be suspicious.
2. The email has incorrect spelling or grammar. It's hard to spot a spelling or grammar error in emails or letters received from your bank, because they are generally proofread. Criminals don't have this kind of foresight, so it's common that phishing scams will include errors.
As you can see from the bottom of this scam email, there are many spelling and grammar mistakes, including the sender's name. Also note the incorrect capitalisation of certain words and the missing capitalisation of the sender's name.
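3. Links which send you to third party websites. Many phishing scams will include a link to a supposedly legitimate site, but these links can instead download a file onto your computer or otherwise help a criminal get access to your details. If you do click the link because you think it's genuine, you can check if it's a secure website by looking for 'https' in the address bar, and by looking for the lock sign. Note that 'https' and the lock only show that the connection is encrypted, not that the site belongs to the organisation it claims to be, so also check that the domain name in the address bar is the organisation's real one.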
4. Urgent threats or information which are too good to be true. Many phishing scams will try to evoke a sense of urgency to get you to respond quickly and forget about your internet safety. These may include threats to close your account, offers of free money and other far-fetched claims.
5. The email is said to be from a popular organisation or your bank. Phishing scams will attempt to deceive you into thinking they have been sent from a legitimate company. To fly under the radar they may include fake graphics and other logos, so carefully look at the logo or other graphics on the real website of the organisation if you're unsure.
6. The email has suspicious attachments in it. Think about the last time an organisation like Facebook or your bank sent you an attachment. Be careful of attachments ending in .exe, .scr, .zip, .com and .bat. If you think the email might be real, call the organisation to confirm that they sent the email and the attachment.
Other ways to spot a phishing scam
There are many other ways in which criminals can be caught out when it comes to a phishing scam. Here are some:
- Suspicious email greeting - Many companies which you regularly deal with will use at least your first name in their email greeting, whereas phishing emails will almost always use a generic greeting.
- The body of the email message is an image. Many phishing scams today are detected before they even reach your inbox due to inbuilt security measures, so criminals will try to slip under this protection by making the body of the email an image. In many circumstances the image will be a link, so if you hover your mouse over it the cursor will turn into a hand.
- You receive an email from an organisation but they send it to an address different to the one you supplied. This is a fairly good indication that the email is fraudulent, as an organisation such as a bank will only send emails to the supplied addresses.
This is a common phishing attempt. As you can see, the email purports to be from Westpac (which I hold no accounts with), has poor formatting and grammar, as well as a suspicious looking attachment.
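Several of the checks listed above can be automated for mail triage. The script below is an added example, not part of the original article: it uses Python's standard email library, and the keyword lists, sample messages and addresses are constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

RISKY_EXT = (".exe", ".scr", ".zip", ".com", ".bat")  # extensions named in item 6
# Keyword lists below are assumptions chosen for illustration, not a complete filter.
DETAILS = re.compile(r"\b(password|pin|account number|card number|cvc|cvv)\b", re.I)
URGENT = re.compile(r"\b(urgent|immediately|suspended|free money)\b", re.I)
GENERIC = re.compile(r"^\s*dear (customer|user|member|client)\b", re.I | re.M)

def phishing_indicators(msg, expected_to):
    """Return the indicators from the article that this message trips."""
    hits = []
    body = msg.get_body(preferencelist=("plain", "html"))
    raw = body.get_content() if body else ""
    text = re.sub(r"<[^>]+>", " ", raw).strip()  # drop HTML tags, keep visible text
    if DETAILS.search(text):
        hits.append("asks for account details")
    if URGENT.search(text):
        hits.append("urgent threat or far-fetched offer")
    if GENERIC.search(text):
        hits.append("generic greeting")
    if not text and re.search(r"<img\b", raw, re.I):
        hits.append("body is only an image")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            hits.append("risky attachment: " + name)
    recipients = {a.lower() for _, a in getaddresses([str(msg.get("To", ""))])}
    if expected_to.lower() not in recipients:
        hits.append("sent to an address you did not supply")
    return hits

def sample_text_mail():
    """Constructed sample: text lure with a .zip attachment."""
    m = EmailMessage()
    m["From"], m["To"] = "support@bank.example", "old.alias@mail.example"
    m.set_content("Dear Customer,\nYour account will be suspended. "
                  "Reply immediately with your password and PIN.\n")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="zip", filename="Statement.ZIP")
    return m

def sample_image_mail():
    """Constructed sample: HTML body that is a single linked image."""
    m = EmailMessage()
    m["From"], m["To"] = "support@bank.example", "me@mail.example"
    m.set_content('<a href="http://login.example/"><img src="cid:notice"></a>',
                  subtype="html")
    return m

if __name__ == "__main__":
    for mail in (sample_text_mail(), sample_image_mail()):
        print(phishing_indicators(mail, "me@mail.example"))
```

A message that trips none of these checks is not proven safe; the list only mirrors the warning signs described in this article.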
How to protect yourself from phishing
Knowing how to spot phishing is a big step in the right direction. In addition to this, try the following tips.
Call the organisation.
If the email claims to come from a real organisation and you feel it could be a scam, give them a call to verify the email. They'll be able to tell you if it's real or not. Never call any numbers listed in the email—instead do a quick search for the organisation's real website and find the number listed on that.
Never give out personal information through an email unless you trust the source
Go through the steps listed above when confronted with a suspicious email and decide whether or not to trust the email. Rarely will a bank request personal information over an email so use this information to your advantage.
Never open emails in the spam folder of your inbox
Most email inboxes today automatically filter out 'spam' from your inbox. Spam messages are identical copies of the same message sent to many people at one time. Many of these are attempts to get personal details or sell services or products, and should be avoided at all costs.
You may also wish to report the email to SCAMwatch, and in the event you've supplied your personal details to someone you think is a criminal, contact your bank immediately.
Use an identity protection service
You can use services such as Secure Sentinel to receive an alert whenever your credit file is used to apply for any new form of credit. This can help reduce some of the risk if someone gets hold of your details through phishing.