What is Phishing?
Phishing is a general term for e-mails, text messages and websites fabricated and sent by criminals and designed to look like they come from well-known and trusted businesses, financial institutions and government agencies in an attempt to collect personal, financial and sensitive information. It's also known as brand spoofing.
- The content of a phishing e-mail or text message is intended to trigger a quick reaction from you. It can use upsetting or exciting information, demand an urgent response or employe a false pretense or statement. Phishing messages are normally not personalized.
- Typically, phishing messages will ask you to "update", "validate", or "confirm" your account information or face dire consequences. They might even ask you to make a phone call.
- Often, the message or website includes official-looking logos and other identifying information taken directly from legitimate websites. Government, financial institutions and online payment services are common targets of brand spoofing.
E-mail Money Transfer Alert: Please verify this payment information below…
- It has come to our attention that your online banking profile needs to be updated as part of our continuous efforts to protect your account and reduce instances of fraud…
- Dear Online Account Holder, Access To Your Account Is Currently Unavailable…
- Important Service Announcement from…, You have 1 unread Security Message!
- We regret to inform you that we had to lock your bank account access. Call (telephone number) to restore your bank account.
Example of a Phishing E-mail
In some cases, the offending site can modify your browser address bar to make it look legitimate, including the web address of the real site and a secure "https://" prefix.
Information sought: Social insurance numbers, full name, date of birth, full address, mother's maiden name, username and password of online services, driver's license number, personal identification numbers (PIN), credit card information (numbers, expiry dates and the last three digits printed on the signature panel) and bank account numbers.
What your information could be used for: Phishing criminals can access your financial accounts, open new bank accounts, transfer bank balances, apply for loans, credit cards and other goods/services, make purchases, access your personal email account, hide criminal activities, receive government benefits or obtain a passport.
If you receive one of these suspicious e-mails:
Report it to email@example.com or the institution that it appears to be from.
If you received one of these suspicious e-mails and you unwittingly provided personal information or financial information, follow these steps:
- Step 1 - Contact your bank/financial institution or credit card company
- Step 2 - Contact your credit bureau and have fraud alerts placed on your credit reports:
- Step 3 - Contact your local police
- Step 4 - Always report phishing. If you have responded to one of these suspicious e-mails, report it to firstname.lastname@example.org
How to prevent
- Be suspicious of any e-mail or text message containing urgent requests for personal or financial information (financial institutions and credit card companies normally will not use e-mail to confirm an existing client's information).
- Contact the organization by using a telephone number from a credible source such as a phone book or a bill.
- Never e-mail personal or financial information.
- Avoid embedded links in an e-mail claiming to bring you to a secure site.
- Get in the habit of looking at a website's address line and verify if it displays something different from the address mentioned in the email.
- Regularly update your computer protection with anti-virus software, spyware filters, e-mail filters and firewall programs.
- A number of legitimate companies and financial institutions that have been targeted by phishing schemes have published contact information for reporting possible phishing e-mails as well as online notices about how their customers can recognize and protect themselves from phishing.
- Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.