Phishing is a sophisticated trick used by fraudsters or organised crime gangs, to dupe users of financial services companies (potentially banks) over the internet, out of their funds. The first ever recorded case of phishing occurred in 2003.
The fraudsters or criminal gangs set up a fake website – "spoofed" - which emulates those which any high street financial services have set up for internet based banking purposes. These bogus internet sites are almost indistinguishable from the real websites. Once the website is set up the fraudsters/criminals will send users e-mails with the web link to the site which will appear to the user as the web link to the financial services provider.
In the e-mail message the user is invited to click on the web link, which instead of taking them to the real website re-directs the user – without their knowledge – to the bogus site. Here the user will be requested, as part of a "security check" or "updating information," to divulge their personal information such as account numbers, credit cards, usernames, passwords and social security numbers.
Recent developments indicate that Phishing gangs are using increasingly sophisticated techniques, to harvest useful user information when the unsuspecting victim opens the e-mail message.
The data collected can then be used to;
- Empty the user's bank account; or
- Steal the user's "identity" and open new accounts in the user's name in order to act as middlemen for money laundering purposes or goods bought with stolen credit cards.
There are ways of avoiding these scams!
- DO NOT RESPOND TO E-MAILS WHICH ASK YOU TO PROVIDE PERSONAL DETAILS OVER UNSECURED CHANNELS!
- ALWAYS CHECK WITH YOUR FINANCIAL SERVICES PROVIDER WHETHER THEY ARE REQUESTING INFORMATION FROM YOU PRIOR TO PROVIDING THIS!
- DO NOT OPEN E-MAILS FROM PEOPLE OR SOURCES UNKNOWN TO YOU!
Remember that a reputable financial services provider would never ask you to provide this type of information over unsecured internet channels.
There are additional ways in which a user can protect themselves for example by purchasing virus scanning software and "Spam mail killers".
In addition you can also visit the Anti Phishing Working Group's website at www.antiphishing.org to obtain further details.
Update - July 2005
A recent development to phishing scams has been that instead of directing recipients to a web-page, you could be asked to call a telephone number which is typically described as "Customer Support". The fraudsters will then go on to obtain personal and confidential information, such as your account number, password(s) and other data. These can then be used to steal your identity and gain access to your account.
We strongly advise that you do not respond to these emails and deal with them in the manner suggested for other phishing scams (see main part of this page)