|
|
|||||||
| Websites and the Internet This is the place for experts on all things WWW, FTP, HTML, SQL and C++... and the more down-to-earth aspects of finding great content and avoiding nasty surprises. |
 |
|
|
Thread Tools | Search this Thread |
|
#1
4th February 2009
|
||||
|
||||
Quick tips - 'phishing' scams and using sensitive login details online
Even the wary can be caught out... or worn down with sheer volume. A 'phishing' scam is one were an unscruplulous outfit tries to get you to unwittingly hand over sensitive details such as bank details and/or account login information by purporting to be from your bank/building society/phone company/etc. etc. etc. Here are a few things to look for if you aren't sure if an email/website is 'phishing' for your details, or the real article: 1. Does it have the right branding/logos/layout and does it use appropriate language? - actually, this is a red herring: don't bother looking at this as even the laziest and most stupid scammers find it pretty easy to copy logos/branding and even genuine bank communications so pretty much all scam mails/web pages look genuine. 2. Do return email addresses/web links on the page look like they return to the real (assuming you know what the real URL and email addresses look like!) site/people? eg. Does an email claiming to be from Barclays Bank come from admin@barclays.com... or from, say, email@barclaysbank.someisp.net? The former COULD be real... the latter certainly isn't! But, again, scammers can be adept at 'spoofing' URLs and email addresses so this still isn't foolproof. 3. No reputable organisation will ever ask you to input any kind of sensitive details on anything other than a secure web server. You may see these described as 'xxx-bit encrypted', 'SSL' (Secure Socket Layer), etc. There are two pointers to tell you you are using a secure server: a) the URL in your web address bar should begin 'https://...' (as opposed to 'http://...', or 'ftp://...', for example). b) you should see a padlock symbol in a status bar (you certainly do on MS Internet Explorer and Mozilla Firefox... I can't speak for other flavours of browser explicitly) somewhere down in the bottom-right. Don't see either/both of these? Don't enter anything in/respond in any way. 4. No reputable organisation (and certainly no a financial institution) will ever ask you to give them full login details and/or other sensitive information over the phone, via an email or anywhere other than an expected onlin security check to login (and even then it is common practice to ask for, say, letters from a password rather than the whole thing). If they do, then they are the idiots and not you. 5. This is the easiest to follow and most important of all... If in ANY doubt, delete the email/navigate away from the web page/hang-up the phone. The worst that can happen is that someone genuine thinks you have been a little abrupt. You can always ring back and, when you know you are talking to the real article, apologise and explain. I've no doubt that those more knowledgable than me can add more and similar below! Stay safe out there, people 
__________________
What goes around comes around... so keep it going! 
|
|
| Bookmarks |
| Thread Tools | Search this Thread |
|
|
