A poorly written, plain text email requesting sensitive information arrives in your inbox from a sender you have not interacted with before. Without much thought you delete the email, writing it off as bogus.
Further down you come across an email with the subject: Update Your Account Information. In the sender column is your bank’s name. The HTML email is well formatted, using the colours, layout, font, and logo of your bank. The email states that as a security measure, you will no longer be able to access online banking unless you update your account information. Beneath this message is a hyperlinked sentence which reads, ‘Sign in to update your account information’. The email is signed from your bank’s customer service team.
Imitation, once considered the sincerest form of flattery, is being used as a weapon by cyber criminals. It’s easy to think that you would recognise a fake email, text, or website, but as phishing attacks become increasingly sophisticated, more and more people are falling victim.
Phishing emails purporting to come from your bank, or another trusted organisation, rely on looking and sounding as convincing as possible. It is therefore important to pay close attention to any email that asks you to provide information, for example by logging in or verifying your details.
Clicking a link in a phishing email will often take you to a fake website. In the same way that the email looked convincing enough for you to click on the link, the website will also appear genuine. By entering your log-in details on the fake site, you are unwittingly giving these details to those operating the scam, who will then use them to commit fraud by accessing your real account.
Recognising Fake Emails and Websites
Upon closer inspection, there will be small signs that should raise suspicions, even with the most authentic-looking emails and websites.
False email address
An email might have your bank’s name as the sender, but hovering over this name, or clicking on it, should reveal the full email address from which the email was sent. Phishing emails will often originate from addresses such as firstname.lastname@example.org, or email@example.com. If in doubt, contact your bank to ask if the email address is genuine.
Uses an incorrect URL
Before following any links in an email, hover your mouse pointer over the link to see where it will direct you. If it doesn’t look like it will take you to where you are expecting to go, don’t click on it.
Always double check the URL at the top of your browser to see if it is genuine. Phishing websites will often use domain names that look very similar to the website they are imitating, such as yourbankk.com instead of yourbank.com.
Is not a secure site
A legitimate site will be issued a security certificate to prove that it is a trusted website. Banks and other e-commerce websites will use encryption to ensure your payment information is secure. You can check to see if this is the case by looking for the padlock symbol and https:// (as opposed to http://) in the URL bar at the top of your browser. Do not enter any payment information on a site that isn’t secure. The padlock on its own only tells you that the connection is encrypted, so check the domain name as well.
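The three checks above (the real sender address, where a link actually goes, and whether it uses https) can also be run automatically over a message. The following is an added example, not part of the original article: it assumes yourbank.com is the genuine domain, uses a constructed sample email, and its function names are illustrative.

```python
import email.policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE = """\
From: Your Bank <service@yourbankk.com>
Subject: Update Your Account Information
Content-Type: text/html; charset="utf-8"

<a href="http://www.yourbankk.com/login">Sign in to update your account information</a>
"""  # constructed sample; yourbank.com / yourbankk.com are the article's example names

class LinkCollector(HTMLParser):
    hrefs = ()  # real link targets, which the visible link text can hide
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += tuple(v for k, v in attrs if k == "href" and v)

def edit_distance(a, b):  # Levenshtein distance between two strings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, trusted):
    # Trusted domain or a subdomain passes; otherwise compare trailing labels (a simplification).
    if host == trusted or host.endswith("." + trusted):
        return "ok"
    base = ".".join(host.split(".")[-(trusted.count(".") + 1):])
    return "lookalike" if edit_distance(base, trusted) <= 2 else "off-domain"

def check_message(raw, trusted="yourbank.com"):
    msg = email.message_from_string(raw, policy=email.policy.default)
    # The display name is free text; only the address behind it is checked.
    _name, addr = parseaddr(str(msg.get("From", "")))
    findings = [("sender", addr, classify(addr.rpartition("@")[2].lower(), trusted))]
    body = msg.get_body(preferencelist=("html",))
    links = LinkCollector()
    links.feed(body.get_content() if body else "")
    for href in links.hrefs:
        url = urlsplit(href)
        findings.append(("link", href, classify(url.hostname or "", trusted)))
        if url.scheme != "https":
            findings.append(("link", href, "not-https"))
    return [f for f in findings if f[2] != "ok"]
```

Calling check_message(SAMPLE) returns one finding for the sender address and two for the link; a message sent from, and linking over https to, the trusted domain returns an empty list.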
If you are unsure whether an email, text, or website is genuine, contact your bank or the organisation directly to ask for verification. Remember that a real bank would never ask for your bank account information or your credit card and PIN numbers via email. Despite phishing becoming more sophisticated, awareness and remaining vigilant will go a long way in keeping you safe.