
Phishing and spoof emails - A ShoppingTrolley guide to keeping your personal information secure.

What is Phishing?

"Phishing" is an attempt to get you to part with your personal banking, eBay, Paypal or other details by criminals wanting to steal your identity for nefarious purposes. Typical attempts are emails purporting to be from your bank, eBay or Paypal, asking you to sign in to confirm your personal details. You click on the link in the email that you have received (that in many cases looks like it could genuinely have been sent by the organisation in question) and are lead to a bogus website that appears to be that of the legitimate company. You submit your personal details to "log on", and then the criminals have your personal information that they can either use themselves or sell on. Phishing emails such as these requesting information are typically called "spoof emails".

How can I stay safe from Phishing?

Here are a few tips:

  1. Never click on a link in an email from a financial organisation. If you are in any doubt as to whether the email is genuine or not, go directly to the website concerned by typing the URL into your browser and log in the normal way there. One way to tell if the link in your email is "dodgy" - let your mouse hover over the link so that the URL is displayed. It will often say something like http://www.ebay.com.phishingdomain.com/logon.htm, where the URL is set up to look legitimate - but on closer inspection, it isn't.
  2. If you do click on the link and are asked for login details, is the website secure? All financial websites will display the padlock at the bottom of your browser to show that the website is secure. Phishing websites are mostly not secure. In addition, try inputting false data. Chances are, a phishing website will let you log in with anything.
  3. Never put your personal information or account details in an email, not even to a legitimate organisation. Emails are not a secure way of sending this type of information.
  4. Do not pay any attention to the email address in the "from" part of the email. These email addresses are easy to alter to anything that the sender requires.
  5. Telltale signs of phishing emails include:
    • Warnings of account suspension, unauthorised transactions, unauthorised access to your account, requests for you to confirm your details and similar subjects.
    • Many phishing emails will not address you personally eg "Dear Mandy", but generically eg "Dear Account Holder".
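
The hover check in tip 1 and the padlock check in tip 2 can also be written as code. This is an added example, not part of the original guide: it parses a link the way a browser does and flags hosts where a trusted name is only a left-hand label. The `TRUSTED` list, the function names and all sample links other than the one quoted in tip 1 are assumptions made for illustration.

```javascript
// Added example, not from the original guide. TRUSTED is an assumed allow-list
// of sites the reader actually uses; classifyLink and isUnder are hypothetical names.
const TRUSTED = ["ebay.com", "paypal.com"];

// True when host is the domain itself or one of its subdomains.
function isUnder(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Report where a link really leads. A host name is owned by whoever controls
// its right-hand end, so labels on the left can say anything.
function classifyLink(href, trusted = TRUSTED) {
  let url;
  try {
    url = new URL(href); // same parsing rules a browser applies
  } catch {
    return { verdict: "unparseable", host: null, reasons: ["not an absolute URL"] };
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const reasons = [];
  if (url.protocol !== "https:") reasons.push("not HTTPS, so no padlock");

  if (trusted.some((d) => isUnder(host, d))) {
    return { verdict: reasons.length ? "suspicious" : "trusted", host, reasons };
  }
  // Trusted name present as whole labels, but the host does not end with it.
  const imitated = trusted.find((d) => `.${host}.`.includes(`.${d}.`));
  if (imitated) {
    reasons.unshift(`"${imitated}" appears only on the left of "${host}"`);
    return { verdict: "lookalike", host, reasons };
  }
  return { verdict: "unknown", host, reasons };
}

// Constructed sample links; the first is the URL quoted in tip 1.
for (const link of [
  "http://www.ebay.com.phishingdomain.com/logon.htm",
  "https://signin.ebay.com/",
  "http://www.paypal.com/",
  "https://notebay.com/",
]) {
  const r = classifyLink(link);
  console.log(r.verdict.padEnd(11), link, r.reasons.join("; "));
}
```

A "trusted" verdict only means the link points at a listed domain over HTTPS; typing the address yourself, as tip 1 advises, remains the safer habit.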

For further information, visit www.antiphishing.org

Identity Theft in General

You don't have to have a computer to become a victim of identity theft. A criminal will use any means of getting confidential information from you - the computer and internet are just one of their tools. Make sure that any paperwork that you discard that contains confidential information - eg bank statements, credit card and utility bills etc - is shredded. ID thieves will search through dustbins to locate your personal details. You also need to be careful about giving out your details over the 'phone. If an organisation rings you up, purporting to be, for example, your credit card company, how do you ensure that they are who they claim to be before giving out your personal details? If you have any doubts, ring the organisation yourself using a known telephone number, eg the one on the back of your credit card, to avoid giving out your personal details to a scammer.

If you have a website or ever post personal details online, be wary about giving out the names of your pets, your date of birth or your national insurance number, and definitely do not give out your mother's maiden name. Many of these details are used in security checks and as passwords. If you have posted any of these details in an online CV, you should remove them.