Phishing

'Phishing' for your Dollars

Phishing, also call brand spoofing, is a form of Internet fraud in which e-mail messages are used to lure the unsuspecting to web sites that are replicas of sites used by legitimate businesses. These web sites are used to trick users into divulging credit card numbers, bank account information, and passwords that will be used to commit fraud.

Phishing attacks normally are initiated through an e-mail. It will come disguised as a message from your financial institution or a familiar Internet merchant. Even though the message looks legitimate, it may not be.

How can one tell the real thing from the fake? Here are some things to look for:

WARNING SIGN #1: Soliciting Personal Information by E-Mail

Financial institutions and reputable on-line retailers do not send e-mails asking for personal information. Any e-mail that claims to be from a reputable source but asks for such data is most likely a phishing expedition.

WARNING SIGN #2: Badly Written E-Mail

Read the message closely. A professional company will not issue any communication containing basic grammatical and spelling errors. A high proportion of phishing e-mails contain such fundamental errors.

WARNING SIGN #3: Hidden Addresses & Sources

Phishing attacks redirect you somewhere other than where they claim to be going. Check to see if the web site you reach by clicking on the address in the e-mail is the same as the one shown in the e-mail. If it isn?t, leave the site immediately. Look at the name of the web site shown in the e-mail. Reputable on-line businesses ensure that all their customer accessible web sites contain the company?s name in the address. If you don?t see that, you probably haven?t reached the real web site.

WARNING SIGN #4: Asking for Personal Data

Receiving an e-mail from your financial institution asking you to go to their web site should set the alarm bells ringing. That is not normal business practice for any financial institution. Don?t click on the web address in the e-mail. Call your financial institution to confirm if they have sent you a message.

WARNING SIGN #5: Threatening Legal Sounding Messages

Consider the source. Would you expect your favorite on-line retailer to send a threatening notice? Not likely. If you receive a threatening e-mail, it probably isn?t legitimate. If you think it may be, call the company instead of responding to the e-mail.

 

Take Action

The simplest way to protect yourself from phishers is to avoid clicking on any unexpected link in an e-mail message. Do not reply to e-mails soliciting personal information. Having safely ignored the suspicious e-mail, report it.

 

A significant proportion of on-line fraud goes unreported. Some people are too embarrassed to admit they?ve been taken in. Others simply don?t know what to do.

 

If you do spot something suspicious, go to the company?s real web site ? the one that looks like www.companyname.com. Most sites have an option on their home page labeled ?Contact Us? or something similar. Use that to report the phishing attempt. If you have gone so far as to provide sensitive personal information before realizing you may be a phishing victim, report the matter to your local police and keep a copy of the police report. You may need that documentation to resolve any fraudulent transactions.

Go on-line to www.recol.ca, the web site for Reporting Economic Crime On-Line. This site is administered by the National White Collar Crime Centre of Canada and is supported by the RCMP and other law enforcement agencies. You can also call, toll-free to PhoneBusters , the Canadian Anti-Fraud Call Center at 1-800-495-8501.

 

Put your Knowledge to the Test

Think you?re ready to avoid the phishers trying to separate your from your money? Take the anti-phishing challenge by going to http://www.sonicwall.com/phishing/.

 

Credit cards and debit cards have become the most popular payment options for Canadians. Most people today prefer paying with plastic to handing over cash and cheques. At the same time, the incidents of debit and credit card fraud are also growing.

 

SKIMMING

Skimming occurs when the information contained on your debit card is stolen and then counterfeited and used to obtain funds from your account without your authorization. Card reading devices are used to obtain the electronic data from the magnetic stripe on your card, and hidden cameras or false personal identification number (PIN) pads are used to obtain your personal access code.

 

Skimming can occur at an ATM where a card reader is placed on the ATM itself, or the entrance door to the ATM. A hidden pinhole camera is used to capture your PIN. It can also take place at point-of-sale (POS) terminals; the merchant usually swipes your card in the legitimate terminal, and then swipes your card a second time in a card reading device. The three ways that your PIN can be obtained is by a video camera, someone watching you, or a false PIN pad.

 

There are many ways you can reduce the risk of becoming a victim of debit and credit card skimming. The easiest is to learn to recognize the various forms of card fraud and use the preventative tips provided below.

            1. Keep your card in a safe place and never lend it to anyone.

            2. Protect your PIN; it is the key security feature on your debit card. Use your hand, body or  wallet to shield your PIN when using an ATM or POS terminal.

            3. Always memorize your PIN. Never write it down, and don?t use a number that would be easily identified. (i.e.: date of birth, address or phone number).

            4. Changing your PIN regularly will help reduce the risk of card skimming.

            5. Never disclose your PIN. No one from a financial institution, police service, or business should ever ask for your PIN.

            6. Look for physical alterations on ATM and POS terminals. If they look suspicious do not use them and inform the financial institution or merchant immediately.

            7. Keep an eye on your debit card when conducting a transaction; only allow your card to be swiped once. Whenever possible, swipe the card yourself and remember to take your card and the transaction record with you when you leave.

            8. Be alert. Make sure no one is looking over your shoulder. If someone is watching you or makes you feel uncomfortable, cancel the transaction and use a different machine.

            9. Always conduct your ATM transactions when and where you feel most secure. If you feel uncomfortable using a specific machine, use it later or go to another location.

            10. Check your bank account regularly and compare your transaction records against your financial statements. If you detect any unusual account activity, contact your branch immediately.

            11. If you are having trouble using an ATM, DON?T ask the person in line behind you for help. Go into the credit union or financial institution and ask a teller for help and training on how to use the machine. Never trust a stranger.