Phishing Scam Awareness – How to Identify a Phishing Attack, and How to Respond if You Receive a Suspicious Communication
Phishing is defined by Oxford Dictionaries as:
“The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal their personal information, such as passwords and credit card numbers.”
Once they have obtained the information, the fraudsters may then use it to make payments in your name, and, in the worst-case scenario, may even steal all the funds in your account.
Although this definition specifically refers to email communications, you should be wary of attempts made via other communication channels as well. Phishing conducted via text message is sometimes referred to as ‘Smishing’ (SMS phishing), and phishing conducted via telephone is sometimes referred to as ‘Vishing’ (voice phishing).
The above definition refers to the sender/caller falsely claiming to represent a reputable company. As one of the companies whose name has been used by fraudsters in the past, Wonga South Africa has published guidance on its website, which its customers would do well to read.
Research by Symantec estimates that criminals across the globe make as many as 135 million phishing attempts every day. This is a serious problem, and everyone needs to be aware of the main ways in which they could be subjected to a phishing attack:
- You are informed that you need to update your account details with your bank or other financial company, perhaps because the message claims there has been a security breach. However, the email will not be from the actual company, and may instead direct you to a cleverly disguised copy of the company’s website. Any information you enter on this site will then be seen by the fraudster
- You are told that your credit/debit card has been disabled as there may have been a case of identity theft. You are asked to provide your card information to allow the sender/caller to resolve the problem, but of course the other person does not work for your card issuer, and is instead a scammer trying to obtain your card information for their own ends
- You are informed that your computer is infected by viruses, and that the caller can fix it. When the caller then asks for your account details so they can take payment for the service, they instead steal a much larger sum, and don’t carry out any repairs to your computer
- You are sent an email with an attachment, but when you open that attachment, malware and viruses are downloaded onto your computer
- You are sent a message that appears to be from the CEO or another senior manager at your place of work, instructing you to make an urgent payment to a specified bank account. However, the message will not be from the CEO, and any payment you make will go to the fraudster
Signs of a phishing attack might include:
- The message contains poor spelling and grammar
- The company is asking for personal information that it should already have
- You are told you need to act urgently to resolve the issue
- A bank website that the message directs you to lets you in even though you mistype your usual online banking password
- The message does not address you by name, and may instead say ‘Dear Valued Customer’, or similar
If you suspect that you may be subject to a phishing attack, then immediately contact the company or person that the message claims to be from. Financial companies may have any number of legitimate reasons for wanting to contact you from time to time, so it is possible that the message is genuine.
However, in cases of voice phishing, try wherever possible to wait five minutes before calling back, and if possible, call on another phone. It is possible for the fraudster to remain on the line, and not hang up, so when you think you are calling the company’s customer service department, you are in fact speaking to the criminal. Fraudsters can also use software that alters the number on the caller display, so just because the number which appears on your phone is that of your bank, lender, etc., don’t automatically assume it’s genuine.