Avoiding Phishing Scams

“Phishing” involves the use of fraudulent emails and copy-cat websites to trick you into revealing valuable personal information — such as account numbers for banking, and the login IDs and passwords you use when accessing online services providers. The fraudsters who collect this information then use it to steal your money or your identity or both.

When fraudsters go on phishing expeditions, they lure their targets into a false sense of security by hijacking the familiar logos of established, trusted brands. A typical phishing scam starts with a fraudster sending out an email that appears to come from a legitimate company.

The email will usually ask you to provide valuable information about yourself or to “verify” information that you previously provided when you established your online account. To maximize the chances that a recipient will respond, the fraudster might employ any or all of the following tactics:

1.“From” an Actual Employee — The “from” line or the text of the message (or both) might contain the names of real people who actually work for the company. That way, if you contacted the company to confirm whether “John Smith” truly is “Customer Services Manager,” you’d get a positive response and feel assured.

2.URLs that “Look Right” — The email might include a convenient link to a seemingly legitimate website where you can enter the information the fraudster wants to steal. But in reality the website will be a quickly cobbled copy-cat — a “spoofed” website that looks for all the world like the real thing. In some cases, the link might lead to select pages of a legitimate website — such as the real company’s actual privacy policy or legal disclaimer.

3.Urgent Messages — Many fraudsters use fear to trigger a response, and phishers are no different. In common phishing scams, the emails warn that failure to respond will result in your no longer having access to your account. Other emails might claim that the company has detected suspicious activity in your account or that it is implementing new privacy software or identity theft solutions.

How to Protect Yourself from Phishing:

The best way you can protect yourself from phony phishers is to understand what legitimate companies will and will not do. Most importantly, legitimate entities will not ask you to provide or verify sensitive information through a non-secure means, such as email.

Follow these five simple steps to protect yourself from phishers:

1.If You're Not Sure, Pick Up the 'Phone to Verify — Do not respond to any emails that request personal or financial information, especially ones that use pressure tactics or prey on fear. If you have reason to believe that a financial institution actually does need personal information from you, pick up the phone and call the company yourself — using the number from their actual website, not the one the email provides!

2.Do Your Own Typing — Rather than merely clicking on the link provided in the email, type the URL into your web browser yourself (or use a bookmark you previously created). Even though a URL in an email may look like the real deal, fraudsters can mask the true destination.

3.Beef Up Your Security — Personal firewalls and security software packages (with anti-virus, anti-spam, and spyware detection features) are a must-have for those who engage in online financial transactions. Make sure your computer has the latest security patches, and make sure that you conduct your financial transactions only on a secure web page using encryption. You can tell if a page is secure in a couple of ways. Look for a closed padlock in the status bar, and see that the URL starts with “https” instead of just “http.”

Tip: If you hover over or click the padlock on our genuine website then you'll get a message along the lines of 'Comodo Secure has identified this site as Letmatch Ltd. Your connection to the server is encrypted.'

If a suspected phishing email appears in your inbox, be sure to tell us right away. We will never ask you to verify your account details via a link in an email, and when we send enquirer's details to you they will be contained in the email itself and we won't ask you to log in to your Visum account.

If you follow these steps then you will drastically reduce your chances of being successfully phished and of suffering the accompanying annoyance and loss.


Share this post