Phishing: Don't Get Hooked!!!

Phishing is the attempt by someone to “fish” for account details from unsuspecting people.

Phishing attempts have been around for a while now, starting in the late 1990s, looking for login details to the AOL service. Since then, the rise of the internet and most particularly the rise of internet banking has seen a proliferation in phishing attempts. Initially they were often poorly worded, contained spelling mistakes and poor grammar. Current phishing attempts usually arrive in the form of an unsolicited email that purports to be from a financial institution, your bank for example. These attempts are getting more and more sophisticated and are getting harder and harder to spot. Their aim is to direct you to a site that looks like the financial institution they claim to be and get you to enter your username/PIN and password.

How to detect the bait?

  • Spelling errors
  • Grammatical errors
  • Incorrect colour schemes for your financial institution
  • Financial institution asking for personal information by email
  • The name of a URL the email wants you to go to doesn’t match the address displayed in the status bar:

Eg: Please vist to verify your details.
However, when you place your mouse over this link it shows up as

How to protect yourself:

  • Never reply to any email with your username/PIN and password, your institution will never ask for it that way.
  • Never click on an email link to get to your institutions webpage, type it in by hand.
  • Confirm your connection is encrypted - a padlock will appear in the bottom right hand side of your web browser.
  • Verify the site is what you think it is by double-clicking the padlock to display the certificate
  • Have up to date anti-virus and anti-spyware software
  • Close all your copies of the internet browser at the end of your banking session

In the future, with the rise of VoIP telephony be prepared for phishing scams via the phone!!!!!