What is Phishing?
Phishing is the attempt by fraudsters to acquire sensitive information such as usernames, passwords, online banking or card details, via email, by masquerading as a trustworthy entity, such as your bank or financial institution. The information they gain is then used to access your bank account or card.
The criminal typically sends thousands of generic emails out (like bait when fishing) to people whose email addresses they have obtained from an unknown source, in the hope of getting a “bite”. These emails tend to have generic greetings such as “Dear Customer” or “Account Holder”. However, in some cases a tactic called “spear phishing” is used. In these cases the fraudster has some detail about the target (frequently sourced through social media) and may use their name or some other specific details about them in the email.
The emails try to trick people into clicking on a link in the email by claiming that they need to “update”, “verify” or “reactivate” their account or that they can claim a refund. The link brings the victim to a bogus website (which may look like the genuine company’s website) where they are asked to key in their financial or security information. Another variation of phishing is that the victim is asked to fill in a form which is attached to the email and to email it back.
The email often imparts a sense of urgency, threatening that your account will be blocked, closed, deactivated or that you will suffer some other negative consequence, if you do not act immediately.
In recent year’s phishing emails masquerading as email communications from banks, card issuers, PayPal, utility companies, An Garda Síochána and Revenue have been common.
How to avoid a Phishing attack?
- Anti-phishing toolbars are included in most web browsers. Ensure that you use the most up-to-date version
- Ensure that your anti-virus software is kept up to date
- Never respond to any unsolicited emails or phone calls that request personal, financial or security information
- Never visit a website from a link provided in an email and then enter your personal details because this website could be a fake website
- Ensure that websites on which you use confidential information have a secure connection. The http: should change to https:// when a site is secured
- Look out for the padlock in the browser window, which shows the connection is secured
- Heed the messages that appear in the browser alerting you to possible attacks or suspect websites
- Avoid sending personal or security information in an email
- Make sure you check your bank statements regularly and report any unusual account activity to your bank or card issuer
- If you think you have been a target of phishing or have visited a phishing site and provided your details contact your bank immediately.