What is Phishing ?
Q. Why is it called phishing?
A. In the mid-late 1990s, people tried to obtain AOL screen names and passwords which would allow them to gain free online access, by directing AOL users to fake web sites. Details captured in this manner were traded with other people and were referred to as “phish”. The term phishing comes from the analogy that the fraudsters are “fishing” for information in the sea of Internet users and the “ph” spelling has its origins in the hacking community when phone “phreakers” used to manipulate telephone exchanges to gain free calls.
Q. How long have phishing and Trojan attacks been around?
A. Although phishing has been around for some years, the first more sophisticated phishing attacks started in March 2003 on bank customers abroad before spreading to the UK in September 2003. Whilst the threats posed by viruses and Internet worms have been growing for some time, the use of Trojans to capture sensitive information entered into web sites is a relatively new phenomenon which started to become apparent in mid-2004.
Q. What is being done to stop phishing?
A. The banking industry is working very closely with a number of partners in the UK and overseas, such as the National Hi-Tech Crime Unit, Internet Service Providers and software companies to clamp down on the phishing attacks. However everyone, especially ordinary web users, need to be wary of these threats and ensure that they take steps to protect themselves and their computers. Only by working together can we defeat the criminals.
Q. How do the phishers get your email address?
A. Phishing emails are types of “spam” email which are sent at random to customers and non-customers alike. Spammers gather email addresses from a variety of sources such as web pages, newsgroups, guesswork and a whole variety of other means and these lists are traded across the Internet. The addresses are not gathered from the bank and the bank’s own systems have not been used to send the emails.
Q. How successful are the criminals who use phishing scams?
A. Although the number of attacks has increased, most people are aware of the scams and merely delete the messages. However, as these scams have become more sophisticated and the number of Internet users increases, the potential for customers to be fooled into giving away their security details potentially increases. However, banks are continuing to work at a number of levels to educate customers and limit the impact of these attacks so the number of people who are duped should remain small.
Q. Who do I report a phishing incident to?
A. In the first instance you should inform the bank using the contact details listed on their web site. If you receive any suspicious emails or you think you’ve seen a phishing web site, or an offer to become a money mule then you can report it.
Q. What do I do if I think I have already disclosed my personal security details on a phishing site, without realising what it really was?
A. It is essential that you contact your bank immediately by telephone informing them of when this happened and how you were contacted. This will enable your bank to investigate and ensure that you and your account are protected.
Q. Who do I contact if I think that I have been targeted by a Trojan?
A. If you detect a Trojan on your computer, you should try and remove it using anti-virus software, or seek the support of your computer or software supplier. If you have used any online banking services recently, you should contact your bank so that they can ensure that steps are taken to protect your accounts from fraud. However, if you do receive any suspicious emails or you think you’ve seen an email that may be part of a Trojan scam you can also send a copy to reportsbanksafeonline.org.uk. – click here to Report a scam
Q. What should I do if I receive an email or see an advert which seeks my involvement in a money mule scam?
A. You should never respond to these advances, especially if you are asked to provide your bank account details to someone you’ve never met. If a specific bank is mentioned in the advert, you should contact their helpdesk on the published number. You can also contact reportsbanksafeonline.org.uk – click here to Report a scam
Q. What should I do if I have become involved in a Money Mule scam?
A. Anyone who has disclosed their bank account details or received funds into their account should contact their bank immediately.
Q. Is it safe to continue to use online banking?
A. Yes. Banking online is a safe and convenient way to manage your money and there is no reason why the Internet cannot be used with confidence. However, you should not relax your guard when online. You should be more suspicious of an unsolicited email than of a stranger knocking at the front door, because it is harder for you to ask the email sender to prove that they are who they say they are. Remember, if you follow the advice on this site and that given to you by your bank, it will a lot harder for the criminals to succeed.
Q. If I have had money withdrawn from my account by criminals, will I get a full refund?
A. Banks are committed to keeping their customers’ money safe and will protect customers from Internet fraud as long as they have acted with reasonable care. Customers must also take sensible precautions however so that they are not vulnerable to the criminal. If you think that you may have disclosed information to a fake site, or if you believe that your password has been captured by a Trojan, contact your bank immediately and give them as much information as possible to ensure that they can protect you and your money. Each case of Internet fraud is different and you can be sure that the bank will make a full investigation in the unlikely event that money is withdrawn from your account.
Q. What are security updates (patches)?
A. Security updates are provided by most software manufacturers to fix any vulnerabilities discovered in their products. Software manufacturers provide security updates (patches) for their operating systems and for applications such as web browsers on their web sites.
Q. I use Internet Explorer to access the Internet. Which Security Updates should I install?
A. You should connect to the Microsoft Windows Update site at http://windowsupdate.microsoft.com and select “Scan for updates”. This will then check which updates need to be applied to your computer. Those listed under “Critical Updates and Service Packs” are the most important. If you use Internet Explorer for Internet banking, make sure that you install all of the updates for this programme. More information is given in Protect your computer.