• Home
  • Cardholders
  • Phishing – when you receive an email that looks like it has come from your bank

Phishing – when you receive an email that looks like it has come from your bank

What is Phishing?

"Phishing" is a hacking term referring to a crime whereby criminals send thousands of emails out (like bait when fishing) to people whose email addresses they have obtained from an unknown source, in the hope that they get a "bite" or two. The emails generally appear as though they have been sent by a bank or financial institution and the criminal will aim to obtain security details so that they can access the respondent's bank account. In recent years the quality of the emails and bank branding has improved where years ago the grammar used in the emails and the images use by criminals was easy to spot as a fraud attack. It is important for everyone to know that your bank or financial institution would never contact you in this way. They would never initiate an email such as this and ask you for all of your security details. If in doubt, when you receive an email or phone call from someone claiming to be from your bank or card issuer, ignore them and phone the bank back on a number you know to be correct for your bank, i.e. from your bank or credit card statement or from the phone book.

Case Sample:

One such email sent out to consumers in the recent past appeared as though it had been sent by a major credit card scheme and strongly advised the customer to "update" or "confirm" his or her credit card details by clicking on the fake website link contained in the email. The link directed the user to an imitation website (which looked just like the valid one for that card scheme). The reader was asked to fill in their details, to confirm their account details in order to "update" their credit card. Customers were duped into believing that their cards would be blocked if they didn't take this urgent action. Individuals, who responded to this Phishing attack, filling in all of the requested bank security information, had their bank accounts cleared out by the criminals. While most banks and card issuers tend to refund customers for these types of losses, more and more customers are being held liable for losses given the amount of detail they provide to criminals through this method.

How to avoid a Phishing attack

  • Anti-phishing toolbars are included in most web browsers. Ensure that you use the most up-to-date version
  • Ensure that your anti-virus software is kept up to date
  • Never respond to any unsolicited emails or phone calls that request personal or security information
  • Ensure that websites on which you use confidential information have a secure connection. The http: should change to https:// when a site is secured
  • Look out for the padlock in the browser window
  • Heed and messages that appear in the browser alerting you to possible attacks
  • Avoid sending personal or security information in an email
  • Make sure you check your bank statements regularly and report any unusual account activity to your bank or card issuer