Phishing scams are fraudulent email messages appearing to come from legitimate enterprises. By hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. These messages usually direct you to a spoofed web site or otherwise get you to divulge private information (e.g., password, credit card, or PPSN numbers etc). The perpetrators then use this private information to commit identity theft, or to drain your bank account of money.
In a typical scenario, a phisher sends a deceptive email, in bulk, with a “call to action” that demands the recipient click on a link. Examples of a “call to action” include:
• A statement that there is a problem with the recipient’s account at a financial institution or other business. The email asks the recipient to visit a web site to correct the problem, using a deceptive link in the email.
• A statement that the recipient’s account is at risk, and offering to enrol the recipient in an anti-fraud program.
• A fictitious invoice for merchandise, often offensive merchandise, that the recipient did not order, with a link to “cancel” the fake order.
• A fraudulent notice of an undesirable change made to the user’s account, with a link to “dispute” the unauthorised change.
• A claim that a new service is being rolled out at a financial institution, and offering the recipient, as a current member, a limited-time opportunity to get the service for free.
Here are some phrases that may be used in a phishing e-mail:
• “Verify your account”
• “Respond within 48 hours or your account will be closed”
• “Dear valued customer”
• “Click the link below to gain access to your account”
In each case, the web site to which the user is directed collects the user’s confidential information. If a recipient enters confidential information into the fraudulent web site, the phisher can subsequently impersonate the victim to
transfer funds from the victim’s account, purchase merchandise, take out a second mortgage on the victim’s home, file for unemployment benefits in the victim’s name, or inflict other damage, usually financial. In many cases, the phisher does not directly cause the economic damage, but resells the illicitly obtained information on a secondary market. Criminals participate in a variety of online brokering forums and chat channels where such information is bought and sold. There are many variations on deception-based phishing schemes.
The victim may have their identity stolen leading to any number of risks including:
• Financial fraud perpetrated under the victims’ name.
• Unauthorised use of the victims Credit Card / Bank Account
• Unauthorised enrolment in on-line sites such as pornography and betting sites.
If you suspect that you are a victim of phishing:
• Alert the relevant organisation and An Garda Síochána.
• Use up-to-date anti-virus and anti-spyware software. Up to date software can keep unwanted or malicious software at bay.
• Monitor your financial accounts and statements and notify financial institutions of any suspicious transactions.
• Change passwords regularly.
• Notify the company whose site is being forged or impersonated.
• Use an anti-phishing toolbar. Anti-phishing toolbars are included in many of the common Web Browsers. Ensure you have the most up to date version.
• Keep your Anti-Virus software up to date. Anti-virus vendors are also including Anti-Phishing toolbars with the latest versions of their products.
• Never respond to any unsolicited email or phone calls requiring personal information. No reputable company will ever ask for this kind of information.
• Ensure that any website requiring confidential information is using a secure connection. Always look for https and a pad-lock in the browser window and pay attention to error messages that the browser gives when it says a site cannot be trusted.
• Never send personal or confidential information in an email.
• Be suspicious of any emails / websites offering something too good to be true; it probably is.
• Be wary of websites you hand over your credit card details to. Try to ensure that you get a reference about a website before you trust them. Use only reputable and known brands.
• Never reveal your passwords.
• Monitor your bank account / credit card statements regularly and report any suspicious activity immediately.
• Install the Microsoft Phishing Filter using Internet Explorer 7 or Windows Live Toolbar. Phishing Filter helps protect you from Web fraud and the risks of personal data theft by warning or blocking you from reported phishing Web sites.