Online Banking Tip: Avoiding Phishing Scams
Phishing is probably the most common trick that online fraudsters use to gain unauthorized access to online services, where online banking is the number one target. The only way to prevent such from happening is to make sure you don't fall victim to such scams.
A phishing scam mostly makes use of social engineering and a few web browser exploits to be able to obtain personal information. It basically tricks the you, the user, into trusting the sender and thinking the email message is authentic, so that the user will voluntarily provide such information. (see Identity Theft through Email)
First of all, banks and other online services will NEVER ask you to provide sensitive information like your username and password in the email message. If they do, they will not ask you to provide it through an unsecure means. In most cases, these service providers will ask you to enter the main website which is secured by web encryption to provide or update information.
Some phishing emails also use exploits found in browsers known as XSS or cross-site scripting. This exploit tricks the user that he or she is entering her log-in details in the main site of the online service, not knowing the log-in screen is simply an imitation of the real one and the log-in information is not sent to the web server of the bank or other online service, but to the fraudster.
It is quite easy to spot and avoid phishing scams. Here are some tips:
- Never provide sensitive information through email.
- Never click on embedded links in an email message (links found inside the body of the message).
- If you have to log into the site, manually type in the URL of the site and log-in directly.
- Most banks address their clients by their real names, not generic ones like "Dear [name of bank/service] User" or "Dear Sir/Ma'am" . If you see a message like this, there is a big chance that it is a phishing message.
on 2008-10-14 at 00:57:45
How will I know if I've fallen victim to a phishing scam? I seem to remember giving my name and password to an email that looked like it was sent to me by my bank. I'm scared. I think I might have been a victim of this, or is continuing to be a victim of this. What shall I do?on 2008-10-12 at 20:50:51
Do you know that banks actually lose millions of dollars because of phishing scams? It's crazy to think that there are people who make so much money just tricking others to send them their personal information. I hope there comes a time when the Internet is completely secure against scams like these.on 2008-10-07 at 23:56:32
I've been sent a couple of these emails last month. I have heard about phishing scams before, so I just deleted them. Everyone, never put your password and username on emails! If the email asks for it, then it's most definitely a phishing scam.on 2008-09-18 at 20:28:28
Most leading browsers now, especially FF3, are already designed to combat phishing and other online scamming methods by scrupulous websites. It is better that you browse your banking sites with them.