Avoid those Fishy Emails!

July 6, 2016

As more consumers become tech-savvy and interest in online shopping and banking grows, it is important to be aware of the pitfalls and traps that exist in cyberspace, where fraudsters are ready to prey on consumers.

One such example is a phishing email: a message sent to you in a bid to swindle money. Fraudsters send fake emails or set up fake websites to trick you into disclosing your user name, password and credit card details.

Because these e-mails and web pages look legitimate, users trust them and enter their personal information. This practice is referred to as “phishing” — a play on the word “fishing” — because the fraudster is fishing for your private account information. These fraudsters trick you into providing your user name and password so that they can gain access to an online account.

Once they gain access, they can use your personal information to commit identity theft, charge your credit cards, empty your bank accounts, read your email, and lock you out of your online account by changing your password.

An example of a phishing email is: 

“Your Account has been suspended. We will ask for your password only once. We will charge your account once per year. However, you will receive a confirmation request in about 24 hours after the make complete unsuspended process. You have 24 hours from the time you’ll receive the e-mail to complete this request. Note: Ignoring this message can cause XX Company to delete your account forever.”

If you receive an email (or instant message) from someone you do not know directing you to sign in to a website, be careful! You may have received a phishing email with links to a phishing website.

Do not be fooled by a site that looks real. It is easy for phishers to create websites that look like the genuine article, complete with the logo and other graphics of a trusted website. Many of us tend to be drawn in by our emotions, especially when we like something on a website. Thus, consumers must be cautious at all times.

How to identify a phishing e-mail?

Company – These e-mails are sent out to thousands of different e-mail addresses, and the person sending them often has no idea who you are. If you have no affiliation with the company the e-mail is supposedly coming from, it is a fake e-mail: for example, one that comes from a bank other than your own.

Language – Improper spelling and grammar are almost always a dead giveaway. Look for obvious errors.

No mention of account information – If the online company or bank were sending you information regarding errors on your account, they would mention your account or username in the e-mail. If the e-mail does not, that should ring a bell that it is a phishing email not meant for you.

Deadlines – The e-mail requests an immediate response or sets a specific deadline. In the example above, the requirement is to log in and change your account information within 24 hours.

Link to a fake web site – To trick you into disclosing your user name and password, fraudsters often include a link to a fake web site that looks like the sign-in page of a legitimate website. Just because a site includes a company’s logo or looks like the real page does not mean it is the correct website.

Safety padlock icon – Look for https appearing in the internet address shown in the browser bar. The ‘s’ stands for secure, e.g. https://examplewebsite.com. A padlock icon will often appear in the browser bar too. If you click on this, you will see the website’s security certificate. Do not trust a padlock icon on the web page itself, as this can be easily faked. The colour of the browser bar will turn green on some websites to show it is safe.

Links containing an official company name, but in the wrong location. For example: “https://www.yahoo.com is a fake address that doesn’t go to a real Yahoo! web site. A real Yahoo! web address has a forward slash (“/”) after “yahoo.com” — for example, “https://www.yahoo.com/” or “https://login.yahoo.com/.”
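The "company name in the wrong location" check can be done mechanically by looking at which host a link really points to. The following is an added example, not part of the original article: the function name `link_findings`, the `TRUSTED_DOMAINS` set and the `.example` sample hosts are assumptions made for illustration, and it goes slightly beyond the cases named above by also flagging text placed before an "@" sign and punycode hosts.

```python
from urllib.parse import urlsplit

# Assumption: the domains you actually hold accounts with (yahoo.com is the article's example).
TRUSTED_DOMAINS = {"yahoo.com"}


def link_findings(url, trusted=TRUSTED_DOMAINS):
    """Return the reasons a link should not be trusted (empty list = host is a trusted domain)."""
    findings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()

    if parts.scheme != "https":
        findings.append("not https")
    if parts.username is not None:
        # Everything before '@' is login data, not the site; the real host comes after it.
        findings.append("text before '@' hides the real host")
    if host.startswith("xn--") or ".xn--" in host:
        findings.append("punycode host (possible lookalike characters)")

    # The host must BE a trusted domain or END with '.<trusted domain>'.
    owned = any(host == d or host.endswith("." + d) for d in trusted)
    if not owned:
        brands = [d for d in sorted(trusted) if d in url.lower()]
        if brands:
            findings.append(f"'{brands[0]}' appears in the link but the host is '{host}'")
        else:
            findings.append(f"host '{host}' is not a trusted domain")
    return findings


# Constructed sample links; the .example hosts are reserved names, not real sites.
SAMPLES = [
    "https://login.yahoo.com/",
    "https://www.yahoo.com.account-check.example/signin",
    "https://www.yahoo.com@account-check.example/",
    "http://account-check.example/yahoo.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", link_findings(link) or "host is a trusted domain")
```

An empty result only means the link points at a domain you listed; it says nothing about whether the e-mail itself is genuine.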

The Golden Rule is: Never follow any links in an e-mail. Instead of following the link in the e-mail, visit the page by manually typing the address of the company, and avoid sending any personal information through e-mail. If a company is requesting personal information about your account or says your account is invalid, visit the web page and log into the account as you normally would.