Falling for the phishing bait
If you have not yet heard about bank phishing (pronounced “fishing”) it is in your interest to find out about this scam. Phishing is a form of Internet banking fraud that criminals have found is an effective way of stealing, but it does not have the same risk of getting caught as street crime.
The phisher sends out scam e-mails designed to appear as if they come from a genuine bank. For example, you might find in your Inbox an e-mail saying that you are overdrawn by a certain amount and must contact the bank immediately. A link is provided to access additional information. Everything about the e-mail looks genuine. Is there not a good chance you will click on the link and find out what has happened to your account, or maybe you will opt to call the number provided?
That fateful click or call
What is going to happen if you click on this link or call the number listed? A click on the link takes you to a login site that appears, at first glance, to be the official Internet site of your bank. You enter your user name and password, and this information is added to the fraudster’s database. With some clever computer coding, you are then directed to the genuine bank Internet site where you find that you are not logged in. You need to login a second time to access your account. This is not an unusual situation and it is unlikely to arouse suspicion.
Meanwhile, your account details have fallen into criminal hands. In the time it takes you to find out what happened, they are already using your account details to withdraw money, try to take out loans and do other kinds of identity theft crime.
If you call the phone number included in the e-mail, it usually connects you to an operator employed by the phisher. This operator asks you for the personal details of interest to the fraud perpetrator.
Escaping from the Phisher’s clutches
Although the phishing scam operator does a good job imitating your bank’s web site, there are invariably a number of little mistakes which an alert bank customer can identify.
First of all, does your bank know your e-mail? In many cases, your bank does not have a record of your e-mail and so you know immediately that the e-mail is a fraud. Also, the URL supplied is won’t be exactly the URL of your bank. Look carefully for small spelling differences. Most people will not pay attention to these minor differences — you should make it your job to notice them.
A good rule to follow is never to click on a URL found in an e-mail that says its from your bank. Access your bank’s web site only though the URL bookmarked in your Internet browser. Suspicious emails of this kind should be reported to the bank so appropriate legal action can be taken.
One of the most important steps to take in protecting your identity is the protection of your social security number.