Thursday, May 15, 2008
Phishing and Spoofing!
We’ve all heard of it but what exactly is it?
Phishing (reminds us of fishing) is trying to get your personal information or bank/credit card passwords to commit a fraud. How does it happen?
First you receive an email that appears to come from your bank or credit card company, asking you to act immediately on the message. There is generally a sense of urgency – they are going to close your online access, they need re-confirmation of your personal data, your account is blocked till you reactivate it, etc. There is also a link that claims to take you to the company’s website. When you click on the link you are indeed taken to a website which is very similar to the genuine one. This fake website is called a SPOOF.
Once you fill in your personal information on the forms they so helpfully provide, a criminal now has access to your account.
Merely clicking on the link and going no further can also mean trouble, for the click could download a program to your computer to log your keyboard strokes. This is called a keyboard logger (also known as a keylogger), and the information is sent to a criminal ring who will analyse it and wait for the time when you log in to your accounts. (Nobody wants to read your letter to Aunt Jo, but they all want your logins and passwords!)
So how do we protect ourselves from phishing and spoofing?
First, never click on links provided by emails. Preferably don’t even open such emails.
Banks never ask for this type of information through email. If in doubt contact your bank before taking any kind of action on the internet.
It’s very easy to spot a fake email from the Bank of Sri Lanka if you have never had an account there. But when you get one from a bank where you do have an account, that is when to watch out and not trip up. Spoof websites have become very clever, and the logos, padlock, etc. are all there to reassure you and draw you in.
Monitor your accounts regularly and when you sign in make sure you type out the URL each time. Boring but necessary.
Your bank will tell you on your account page when you last logged in.
Check to make sure you did indeed log in at that time.
Never store passwords and other key information on a computer. The good old book and pen are the best bet.
Have a good antivirus and update it regularly.
Change passwords every few months. Most of us are lazy and stay with a password forever.
Should the worst happen and you have been the victim of internet fraud, contact the bank or your credit card company immediately. Most have insurance against this type of fraud, and when you signed up for online banking they agreed to refund the money to you in case of fraud, provided you notify them within a specific time and sign into your account at least once a month or once in two months, depending on their policy. Which means, don’t leave online accounts dormant but sign in at least once a month. Otherwise the fraud refund guarantee could be invalid.