Phishing

Phishing is the attempt by fraudsters to acquire sensitive information such as usernames, passwords and card details, via email, by pretending to be from a trustworthy entity, such as your bank or financial institution. This information can be used to access your or your company’s bank account or card.

The fraudster often sends thousands of generic emails out (like bait when fishing – hence the name phishing) to people whose email addresses have been obtained from an unknown source, in the hope of getting a “bite”. These emails tend to have generic greetings such as “Dear Customer” or “Account Holder”. However, in some cases a tactic called “spear phishing” is used where the fraudster has some detail about the target, such as their name or the company they work for.

The emails try to trick people into clicking on a link in the mail by claiming that they need to “update”, “verify” or “reactivate” their account or that they can claim a refund. The link brings the victim to a bogus website (which may look like the genuine company’s website) where they are asked to key in financial or security information. Another variation of phishing is that the victim is asked to fill in a form which is attached to the email and to email it back.

The email often imparts a sense of urgency, threatening that your account will be blocked, closed, deactivated or that you will suffer some other negative consequence, if you do not act immediately.

In recent years, phishing emails masquerading as email communications from banks, card issuers, PayPal, utility companies, An Garda Síochána and Revenue have been common.

Key Advice

  1. Never respond to any unsolicited emails that request personal or sensitive information without first independently verifying the legitimacy of the email.
  2. Never give away security details, such as PIN or online banking passwords, to anyone.
  3. Never click on a link or attachment in an email until you have verified it is from the source it says it is from.
  4. Anti-phishing toolbars are included in most web browsers. Ensure that your business is using the most up-to-date version of your web browser.
  5. Ensure that your antivirus software is kept up to date.
  6. Be wary of emails that do not use your name and use generic greetings such as “Dear Customer” or “Dear Sir/Madam”.
  7. Do not open or forward emails that you think may be spam.
  8. Be cautious of any messages that appear in your browser alerting you to a possible attack or suspect website.
  9. Check company accounts/bank statements regularly and report any unusual account activity to your bank or card issuer. If you think your business has been a target of phishing, or you or a member of staff has visited a phishing site and provided your details, contact your bank immediately. Also notify your IT provider as soon as possible.
  10. Don’t allow yourself to be rushed. Take your time and do the relevant checks. Remember it pays to pause.