Phishing is the attempt by fraudsters to trick you into handing over personal information such as your bank details, usernames, or passwords via email, by pretending to be from a trustworthy source such as your bank. The information they gain can then be used to access your bank account or debit or credit cards.
The criminal typically sends thousands of generic emails out (like bait when fishing – hence the name phishing) to people whose email addresses have been obtained from an unknown source, in the hope of getting a “bite”.
These emails tend to have generic greetings such as “Dear Customer” or “Account Holder”. However, in some cases, a tactic called “spear phishing” is used. In these cases the fraudster has some detail about you (frequently sourced through social media) and may use your name or some other specific detail about you in the email.
The emails try to trick you into clicking on a link in the email by claiming that you need to “verify”, “update” or “reactivate” your account or that you can claim a refund. The link brings you to a bogus website where you are asked to key in your financial or security information. The website will look almost identical to the real thing.
To make phishing emails look like they are genuinely from a well-known company, they include logos and other identifying information taken directly from that company’s website such as your bank, online payment services, or Revenue Commissioners.
The email often imparts a sense of urgency, threatening that your account will be blocked, closed, deactivated or that you will suffer some other negative consequence, if you do not act immediately.
- Never respond to any unsolicited emails that request personal or sensitive information without first independently verifying the legitimacy of the email.
- Never give away security details, such as your PIN or full online banking password to anyone.
- Never click on a link or attachment in an email until you have verified it is from the source it says it is from.
- Limit or restrict how much personal information you share on social network sites.
- Don’t allow yourself to be rushed; take your time to make the relevant checks.
- Anti-phishing toolbars are included in most web browsers. Ensure that you are using the most up-to-date version of your web browser.
- Ensure that your antivirus software is kept up to date.
- Be wary of emails that do not use your name and use generic greetings such as “Dear Customer” or “Dear Sir / Madam”.
- Do not open or forward emails that you think may be spam. Take heed of any messages that appear in your browser alerting you to a possible attack or suspect website.
- Check your account/ bank statements regularly and report any unusual account activity to your bank or card issuer.
- If you think you have been a target of phishing or have visited a phishing site and provided your details, contact your bank immediately.
- Unexpected Windfall / Easy Money … an email designed to trick you into parting with money or sensitive financial or security information under the guise of an unexpected win, inheritance or other windfall or in order to secure a job or work opportunity.
- Identify Theft … the gathering and use of a person’s identifying information, such as name, address, date of birth, PRSI number, photo, card number etc. for the purpose of committing fraud or some other crime.