If someone called you out of the blue and asked you to provide them with personal information, would you give it to them? If a close friend asked you for your credit card information or where you hide your spare house key, you would probably be curious why they wanted that information and you would ask them questions to better understand the reasons behind their request.
Why then would you hand over personal information via an e-mail or on a web site to someone you don’t know or to an institution that requests information online?
You should always be vigilant when transmitting personal information over the internet. It could be intercepted, or the person requesting the information could be an impostor using a company’s logo or even an e-mail that resembles one from a legitimate company or government agency.
The Royal Canadian Mounted Police have some interesting tips to detect and prevent e-mail fraud, or phishing.
What is Phishing?
Phishing is a general term for e-mails, text messages and websites fabricated and sent by criminals and designed to look like they come from well-known and trusted businesses, financial institutions and government agencies in an attempt to collect personal, financial and sensitive information. It’s also known as brand spoofing.
- The content of a phishing e-mail or text message is intended to trigger a quick reaction from you. It can use upsetting or exciting information, demand an urgent response or employ a false pretense or statement. Phishing messages are normally not personalized.
- Typically, phishing messages will ask you to “update”, “validate”, or “confirm” your account information or face dire consequences. They might even ask you to make a phone call.
- Often, the message or website includes official-looking logos and other identifying information taken directly from legitimate websites. Government, financial institutions and online payment services are common targets of brand spoofing.
Examples of phishing messages
- E-mail Money Transfer Alert: Please verify this payment information below…
- It has come to our attention that your online banking profile needs to be updated as part of our continuous efforts to protect your account and reduce instances of fraud…
- Dear Online Account Holder, Access To Your Account Is Currently Unavailable…
- Important Service Announcement from…, You have 1 unread Security Message!
- We regret to inform you that we had to lock your bank account access. Call (telephone number) to restore your bank account.
Example of a Phishing E-mail
In some cases, the offending site can modify your browser address bar to make it look legitimate, including the web address of the real site and a secure “https://” prefix.
Information sought: Social insurance numbers, full name, date of birth, full address, mother’s maiden name, username and password of online services, driver’s license number, personal identification numbers (PIN), credit card information (numbers, expiry dates and the last three digits printed on the signature panel) and bank account numbers.
What your information could be used for: Phishing criminals can access your financial accounts, open new bank accounts, transfer bank balances, apply for loans, credit cards and other goods/services, make purchases, access your personal email account, hide criminal activities, receive government benefits or obtain a passport.
If you receive one of these suspicious e-mails:
Report it to email@example.com or the institution that it appears to be from.
If you received one of these suspicious e-mails and you unwittingly provided personal information or financial information, follow these steps:
- Step 1 – Contact your bank/financial institution or credit card company
- Step 2 – Contact your credit bureau and have fraud alerts placed on your credit reports:
- Step 3 – Contact your local police
- Step 4 – Always report phishing. If you have responded to one of these suspicious e-mails, report it to firstname.lastname@example.org
How to prevent
- Be suspicious of any e-mail or text message containing urgent requests for personal or financial information (financial institutions and credit card companies normally will not use e-mail to confirm an existing client’s information).
- Contact the organization by using a telephone number from a credible source such as a phone book or a bill.
- Never e-mail personal or financial information.
- Avoid embedded links in an e-mail claiming to bring you to a secure site.
- Get in the habit of looking at a website’s address line and verifying whether it displays something different from the address mentioned in the e-mail.
- Regularly update your computer protection with anti-virus software, spyware filters, e-mail filters and firewall programs.
- A number of legitimate companies and financial institutions that have been targeted by phishing schemes have published contact information for reporting possible phishing e-mails as well as online notices about how their customers can recognize and protect themselves from phishing.
- Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.
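The warning signs listed above can also be checked automatically. The following is an added example, not code from the RCMP or iTeract: it flags links whose visible address differs from the address they really open, the "update"/"validate"/"confirm" wording, and a generic greeting. The function names, the greeting list and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Trigger words quoted in the article; the greeting list is an assumption.
TRIGGERS = ("update", "validate", "confirm")
GENERIC_GREETINGS = ("dear online account holder", "dear customer")

def host_of(text):
    """Return the lower-cased host if text looks like a web address, else None."""
    m = re.match(r"^(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:[:/]\S*)?$", text.strip(), re.I)
    return m.group(1).lower() if m else None

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(html_body):
    """Return a list of warning strings for one HTML message body."""
    findings, parser = [], LinkCollector()
    parser.feed(html_body)
    for href, shown in parser.links:
        shown_host, real_host = host_of(shown), host_of(href)
        if shown_host and real_host and shown_host != real_host:
            findings.append(f"link shows {shown_host} but goes to {real_host}")
    plain = re.sub(r"<[^>]+>", " ", html_body).lower()
    findings += [f"asks you to {w}" for w in TRIGGERS if re.search(rf"\b{w}\b", plain)]
    if any(g in plain for g in GENERIC_GREETINGS):
        findings.append("generic greeting, not personalized")
    return findings

# Constructed sample message (not a real e-mail); domains are reserved examples.
SAMPLE = """<p>Dear Online Account Holder, access to your account is currently
unavailable. Please confirm your account information:</p>
<a href="http://login.example.net/verify">https://www.example.com/secure</a>"""

if __name__ == "__main__":
    for warning in phishing_indicators(SAMPLE):
        print("-", warning)
```

An empty result does not prove a message is genuine, since a fraudulent site can display the real site's address; when in doubt, contact the organization using a telephone number from a credible source.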
Here at iTeract, we have seen other types of e-mail fraud, such as fake e-mails sent to customers that tell them that the internet is locked at their location and they must pay a fee to have the service unlocked.
Another trick is someone who calls you and says they are working for a company and they noticed that your computer is sending out spam or is not working. There is no way for a person to match a telephone number with a computer. Reputable companies DO NOT call people at home and offer to fix their computer.