It could happen to anyone… Take Steve, for example. He walked into the office one morning, settled down in front of his computer, and started going through his email. One message grabbed his attention immediately: his bank had written to let him know that an unusual transaction had been charged to his credit card.
The message said that the transaction was being processed and that he would have to act immediately if he wanted to cancel it. He clicked on the secure link in the email, https://www.security-bankxyz.com, which brought him to a page where he was asked to fill out a form with his first and last names, credit card number, PIN, password and date of birth. Then he selected the Cancel the transaction box.
He hit Send and breathed a sigh of relief after his close call. His good mood lingered until he got his next statement and was faced with a shock: Someone had racked up several thousand dollars' worth of transactions to his card!
It wasn't a close call after all. He got caught.
Phishing: A growing menace
Phishing is a technique used by fraudsters to try to acquire sensitive information that can be used to steal your identity.
How does it work? A con artist convinces a victim of their bona fides by pretending to be their bank, credit card administrator, etc., to try to extract personal information. Phishing can be done via email, falsified websites, or other electronic means.
After clicking on a link or an email attachment, the user is directed to a fake banking website that contains input fields that will be used to collect personal information (ATM card number, password, SIN, date of birth, etc.).
From its relatively primitive origins, phishing has become a sophisticated scam, and Steve's story is a good illustration of the modern techniques these fraudsters use:
The email Steve received suggested that a thief was using his credit card to make major purchases, and told him to act immediately to prevent the transactions from going through. This succeeded in creating a feeling of panic and urgency—one of the first things fraudsters will do to try to work their con.
Fraudsters have ingenious ways of making these emails look legitimate: Logos, visuals, formal language and links (or documents) that appear secure and often contain the name of a financial institution.
When he saw the name of his financial institution and the https:// address, Steve didn't even question it. But https:// only means that the connection is encrypted; it says nothing about who runs the site. If he had glanced at the address bar, he probably would have noticed that the address shown there was not the one he thought he had clicked on.
And when the page opened, it probably looked so much like his bank's home page that it would be hard to tell them apart.
Web users are increasingly aware of the dangers of phishing, but fraudsters know this, so they're taking a more subtle approach.
Steve might have been suspicious if they had asked him straight away to "confirm his banking information," but the email he got distracted him with a fictitious fraud being perpetrated on his credit card. And it distracted him enough that he forgot to be suspicious about providing his personal information!
Recognize phishing, and protect yourself
Steve's story isn't an isolated case; the same thing happens to thousands of people every year. But no matter how clever the fraudsters are, we can outsmart them by remembering one simple thing: All they're after is our personal information.
Here are some handy tips that you can use to avoid being phished:
Be suspicious of any emails or text messages that ask for personal or financial information right off the bat
Contact the institution or the company using a number you can rely on (from a phone book or a statement)
Never send personal or financial information by email
Don't click on links that appear in an email claiming to direct you to a secure site
Get in the habit of checking the address bar of the website you're visiting to see if it matches the address in the email
Keep your antivirus software, antispyware software, email filters and firewalls up to date to make sure your computer is protected
Check your bank and credit card statements regularly to make sure that all of the transactions are legitimate
To find out more, check out the Frequently asked questions about phishing section of the Desjardins Group website.
Sources:
Desjardinsfinancialsecurity.com: Prevent fraud and protect your assets, 2011.
Royal Canadian Mounted Police (RCMP) website: E-mail Fraud / Phishing, 2010.
Wikipedia: Phishing