If you have been disturbed severally by hordes of fake banking emails, then this piece is indeed for you.
Fake emails are sent by criminals in order to get your money, or to
take advantage of your computer’s processing power and Internet
connection to launch attacks on other networks.
This practice, aka “phishing,” works by getting you to visit fake
websites to enter personal details, or by capturing personal details
directly from your computer.
The emails are often hard to spot and can look like they come from your bank.
According to blog.returnpath.com, phishing attacks are more rampant
than ever before, rising by more than 162 per cent from 2010 to 2014.
They cost banks, their customers as well as other organisations around
the globe $4.5bn every year and over half of Internet users get at least
one phishing email per day.
The best defence banks and other companies have against phishing
attacks is to block malicious emails before they reach customers.
Unfortunately, no matter what banks do, some phishing emails will
always make it to the inbox of their customers. And those email messages
are extremely effective: 97 per cent of people around the globe cannot
identify a sophisticated phishing email. That’s where customer education
comes in.
According to www.returnpath.com, here are some tips on how to
identify those emails and what to do if you suspect you’ve received one.
1: Don’t trust the display name
A favourite phishing tactic among cybercriminals is to spoof the
display name of an email. For example, the email carries the name of
your bank such that you think the email is coming from your bank.
This fraudulent email, once delivered, appears legitimate because
most user inboxes only present the display name. Don’t trust the display
name. Check the email address in the header; if it looks suspicious,
don’t open the email.
2: Look but don’t click
Hover your mouse over any links embedded in the body of the email.
If the link address looks weird, don’t click on it. If you want to test
the link, open a new window and type in the website address directly
rather than clicking on the link from unsolicited emails.
3: Check for spelling mistakes
Brands are pretty serious about emails. Legitimate messages usually
do not have major spelling mistakes or poor grammar. Read your emails
carefully and report anything that seems suspicious.
4: Analyse the salutation
Is the email addressed to a vague “Valued Customer?” If so, watch
out; legitimate businesses will often use a personal salutation with
your first and last name.
5: Don’t give up personal information
Legitimate banks and most other companies will never ask for
personal credentials via email. Don’t give them up. This personal
information include your Personal Identification Number, debit card or
credit card information, bank account number, Bank Verification Number
etc.
6: Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic.
Beware of subject lines that claim your “account has been suspended” or
your account had an “unauthorised login attempt.” Sometimes, such
phishing emails may tell you that your token device is about to be
deactivated or has been deactivated, asking you to click on a link to
reactivate it. They create a sense of urgency to prompt you to act
quickly. You need to be wary of such tones.
7: Review the signature
Lack of details about the signer or how you can contact a company
strongly suggests a phish. Legitimate businesses always provide contact
details. Sometimes, they may not include the name of the officer to
contact. At other times, they provide a fake name and contact details.
8: Don’t click on attachments
Including malicious attachments that contain viruses and malware is
a common phishing tactic. Malware can damage files on your computer,
steal your passwords or spy on you without your knowledge. Don’t open
any email attachments you weren’t expecting.
9: Don’t trust the header from email address
Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address
10: Don’t believe everything you see
Phishers are extremely good at what they do. Just because an email
has convincing brand logos, language and a seemingly valid email address
does not mean that it’s legitimate. Be sceptical when it comes to your
email messages; if it looks even remotely suspicious, don’t open it.
****
Via The Punch