“Phishing” is the term for unsolicited email messages that claim to come from legitimate companies and trick innocent victims into divulging personal information. The scam is also known as “brand spoofing.”
Legitimate financial institutions would never ask you to respond via email to any requests for confidential, private, or personal information such as your password, your customer card number, or your login information. In truth, you should never, ever send personal identification numbers or confidential information of any kind by email, since it is not a secure method of contact.
So, how do you spot a scam? These phishing emails often urge you to click on a link or attachment for any of the following reasons:
- To change or update your personal information
- To invite you to enter a contest
- To warn of possible suspension of your client card or account
- To invite you to apply for products
After clicking on an attachment or link from an unsolicited email, the user is usually taken to a phony site that requests confidential information, which could include any of the following:
- Bankcard numbers or user IDs
- Account numbers
- Personal identification numbers (PINs)
- Credit card numbers
- Social insurance numbers (SINs)
- Any other personal or private information
These scams are most often designed to imitate the look and feel of an authentic site. The link they contain uses a web address with the “@” symbol or a numeric address (e.g., 123.456.7.8). The address may also include the word, phrase, or text of a company name (e.g., “ABC”) to make it appear genuine.
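The three address warning signs just described can be checked mechanically. The following is an added example, not part of the original article: the function name, the genuine domain "abc.example" and the sample links are assumptions constructed for illustration, and the numeric check also covers hex and single-integer address forms that the text does not mention.

```python
import re
from urllib.parse import urlsplit

# Host made only of numeric labels (decimal or hex), e.g. 203.0.113.7,
# the page's 123.456.7.8, or a single integer such as 3405803783.
NUMERIC_HOST = re.compile(r"^(0x[0-9a-f]+|\d+)(\.(0x[0-9a-f]+|\d+)){0,3}$")


def link_indicators(url, brand, genuine_domain):
    """Return the warning signs from the paragraph above found in `url`.

    brand and genuine_domain are supplied by the caller (assumed values).
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    found = []

    # 1. "@" in the authority: everything before it is ignored as a
    #    user name; the browser connects to what follows it.
    if parts.username is not None:
        found.append("at-sign")

    # 2. Numeric address instead of a name (IPv4 forms or IPv6 literal).
    if NUMERIC_HOST.match(host) or ":" in host:
        found.append("numeric-host")

    # 3. Company name present somewhere in the link although the host
    #    is not the company's own domain or one of its subdomains.
    genuine = genuine_domain.lower()
    on_genuine = host == genuine or host.endswith("." + genuine)
    if brand.lower() in url.lower() and not on_genuine:
        found.append("brand-elsewhere")

    return found


# Constructed sample links; "abc.example" stands in for ABC's real site.
SAMPLES = [
    "https://www.abc.example/login",
    "http://www.abc.example@203.0.113.7/login",
    "http://123.456.7.8/abc/update",
    "http://abc.example.account-update.example/login",
    "https://www.abc.example/contact/@support",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", link_indicators(link, "ABC", "abc.example") or "none")
```

An “@” that appears only in the path, as in the last sample, is not flagged, because only an “@” before the host name changes where the browser connects.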
How do you protect yourself? You can help protect yourself quite easily from email fraud and sites that request your personal or banking information if you remember these simple rules:
- If you encounter a suspicious-looking unsolicited email that appears to be from a bank or other financial institution, do not reply or click on the link. Instead, contact the institution immediately and report the attempted fraud.
- Review all your financial statements on a regular basis to check for any unauthorized or suspicious transactions. Never send personal or financial information to anyone by email.
- Do not immediately assume that an email has come from a legitimate source just because the “from” line, logo, or image appears to be legitimate. These can easily be forged with the kind of graphics technology available today.
- You should always be suspicious of email attachments from unknown sources. If you do not know or recognize the sender of an email, do not open any attachments, regardless of the circumstances.
- Never click on links in email messages from unknown sources. A link in a phishing email will take you to a bogus website that has been designed to look real. If you want to log in to your bank’s online services, type the URL into the address/location window on your web browser, or save a link in your favourites list and go from there.
- Don’t ever trust offers of money or threats of legal action. Also, do not be fooled by warnings about “security compromises” or “security threats.” Swindlers and charlatans will often make such claims in an attempt to frighten people into disclosing personal information to resolve the alleged threat.
- When you receive emails, you should run your anti-virus software to ensure they don’t contain any viruses.
- If you think you may have received a counterfeit email or disclosed any confidential information, or if you have any other security concerns, call your bank or financial institution for advice on what steps you should take.
By taking all the precautions given above, you should be able to safely avoid falling into the hands of the multitude of phishing email scam artists who are constantly on the prowl.