WEBtech
Webtech Web Design, Cornwall, Ontario

Web Scam Alert: Phishing

By Bob Peters, WEBtech


Answer Below
Your mother helped raise and protect you by giving you good advice, such as "Don't talk to strangers".

Mom's advice is even more worthwhile in the online world. We've learned to be wary of strangers (SPAM, viruses) and even of strangers offering candy (The old "I've inherited $30 million and I need your help" scam). But here's another word of advice from Mom that bears remembering:

"Beware of wolves in sheep's clothing".

One of the most dangerous web scams out there is "phishing", and it is starting to hit more and more Canadians.

Phishing is basically the act of pretending to be somebody else in the hope of securing personal or sensitive information. Scam artists pretend to be someone (or some company) you know and trust, in the hope that you will give them your information, such as a credit card number or banking password.

These wolves are pretty good at pretending to be sheep. They often "borrow" company logos and send very official looking e-mails. Here is a recent example of an e-mail that appears to come from one of Canada's largest banks:

[Image: example phishing e-mail]

At first glance this looks legit. If you were a customer of RBC, you might be tempted to click on the link as instructed. However, sober second thought might indicate that the RBC Financial Group would rarely send such an e-mail to its customers. So how can we be sure?

One Solution: Check the Link
The easiest way to determine if the e-mail is legit is to simply place your cursor over the link (don't click, just hover the cursor) and examine where you are being directed. Your e-mail program will pop up a yellow tool-tip window with the true address of the link. In the example above, the link does not take you to an RBC website; it takes you to "nowaywolfowitz.org". This website was once a legitimate site, but it is no longer.

When checking links, remember that the most important part of the website address is the first part, the true domain, which ends with the primary suffix (.com, .ca, .net, .org, etc.). Anything that comes after that suffix is simply a sub-folder.

If the addresses don't match up, don't click
A simple rule to practice is to always check a link in this manner before clicking on it, and if the addresses don't match up, don't click. This tip also works in your browser (what you use to view web pages); however, the address appears not as a tool-tip but in the bottom "Status Bar" part of the browser window (IE).
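
The same hover check can be done automatically on the HTML of a message. The Python sketch below is an added example, not part of the original article: it lists every link whose true domain is not the one you expect. The sample message, the use of rbc.com as the bank's domain, the short suffix list and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a tiny constructed list of two-part suffixes such as ".on.ca".
# A real checker would load the full Public Suffix List instead.
TWO_PART_SUFFIXES = {"on.ca", "qc.ca", "co.uk"}

def true_domain(url):
    """Return the domain a link really leads to, or None if it has no host."""
    host = urlsplit(url if "://" in url else "//" + url).hostname
    if not host:
        return None
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_PART_SUFFIXES else 2
    return ".".join(labels[-keep:])

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML e-mail."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html, expected_domain):
    """List (text, href, true domain) for links not leading to expected_domain."""
    collector = LinkCollector()
    collector.feed(html)
    return [(text, href, true_domain(href)) for text, href in collector.links
            if true_domain(href) != expected_domain]

# Constructed sample message; only the domain nowaywolfowitz.org is from the article.
SAMPLE_EMAIL = (
    '<p>Please confirm your account: '
    '<a href="http://nowaywolfowitz.org/www.rbc.com/login">https://www.rbc.com/login</a></p>'
    '<p><a href="https://www.rbc.com/security">Security centre</a></p>'
    '<p><a href="http://www.rbc.com.example.net/login">Sign in</a></p>'
)

if __name__ == "__main__":
    for text, href, domain in suspicious_links(SAMPLE_EMAIL, "rbc.com"):
        print(f"DON'T CLICK: shown as {text!r}, really goes to {domain} ({href})")
```

The first and third links are flagged even though "rbc.com" appears in them, because the bank's name sits in a sub-folder or in front of a different true domain.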

If you are not sure, phone instead
Another way to be absolutely sure is to phone instead of clicking on a link. Most banks and organizations rarely send out unaddressed e-mail asking for personal information. If you are not sure an e-mail is legit, then call and ask for confirmation. Be sure to use the right phone number; ignore any phone number in the original e-mail!

In many cases, the organization has learned about the phishing attempts and will publish a warning bulletin. Click on the bottom link to read the one from the RBC Financial Group:

(Use the cursor hover trick you just learned to make sure the link above is accurate!)

Popular Examples of Phishing
The above example displays a fake e-mail that pretends to be the RBC Financial Group. The identities of other Canadian banks and organizations have also been used in similar scams, which starts to hit closer to home for Canadians. Other recent examples of phishing have seen fake e-mails displaying the logos of:

  • eBay
  • PayPal
  • Microsoft
  • Visa

Where does the term "Phishing" come from?
The term phishing derives from Password Harvesting and the use of increasingly sophisticated lures to "fish" for users' financial information and passwords.

P + H + Fishing = phishing
(Source: Wikipedia)

Report Phishing
You can report any suspicious e-mails you receive to PhoneBusters, a national anti-fraud call centre jointly operated by the Ontario Provincial Police and the Royal Canadian Mounted Police.

Answer to the Question At the Beginning of the Article
At the beginning of this article, we displayed an image of an e-mail that appears to come from the Desjardins group of Caisses Populaires (a financial services company in Canada). The answer is no, the e-mail pictured is fake. This just goes to show you that some wolves even speak French. Beware!
