useful information email

 

Contact us

Investment

Latest News

11/26/07Phishing still a popular sport - for criminals

Despite numerous press warnings, criminals still try to trap the unwary into giving them personal banking information.

Our e-mail in-boxes continue to benefit from the attention of those who wish to part us from our money without offering anything in return. We do not refer to the numerous adverts for wonder-cures for a wide range of personal problems (although these probably offer nothing of practical value) but the e-mails offering us millions of dollars if we will just provide (taken from an actual e-mail) our:

  • Full name, phone and fax numbers;
  • Name of your bank and the account number/sort-code; and
  • Proof of identity, such as a driving license.

Anyone parting with information of this nature to a third party at all, let alone in response to an unsolicited e-mail from someone claiming to be (in this case) Deputy Governor of a Central African Bank and using a hotmail address, is likely to be disappointed if they expect to receive a brass farthing. More importantly, they will be lucky to find that their bank account has not been emptied for them.

These scams are easy to spot, because they offer something for nothing and as the old saying goes "you don't get anything for nothing"; or, more accurately, "if it looks too good to be true, it probably is".

More difficult to spot can be the genuine looking e-mail that appears to come from a recognised UK bank, telling you that there has been a security alert, or questionable access to your on-line account, and that you need to log on to re-confirm your identity.

The address on the e-mail will look perfectly correct, including the all important "HTTPS" at the start, indicating that it is a secure site. However, if you click on the link - and we strongly recommend that you never do so* - you will see that the actual address is completely different (although it will contain the all important www.halifaxonline.co.uk to catch out anyone who takes the trouble to check).

The giveaway is that the actual address is everything in the lead up to the first "/"; this is where you are being directed. Everything else is simply routing within their website.

In the case of a series of fake Barclays e-mails, we have identified three different top level domains (that is the last letters after the "." at the end of the real address) including Hong Kong, Belgium and Niue. (For those who are interested Niue is a Polynesian island).

There are a few simple rules to remember:

  1. Your bank will NEVER ask you to confirm your account details and passwords over the internet, they have this information already:
  2. Never follow a link in an e-mail unless you really know, and trust, who it is from or have at least checked that the link goes where it says it does;
  3. Always look for "HTTPS" in the address bar of your browser and the closed padlock to show that this is a secure site;
  4. Never believe you are "helping someone out" - schemes saying they are liberating unclaimed money are invariably both fraudulent and illegal.
* Clicking on a link of this nature can help criminals to at least determine that your e-mail account is active, even if they do not plant a "Trojan" on your computer to monitor your keystrokes.