“Phishing” (pronounced as fishing) is the latest and fastest-growing form of information theft. The process is called “Phishing” because it uses e-mail lures and scare tactics to “fish” for sensitive personal information – including passwords, credit card numbers, and account information – from a wide “sea” of unsuspecting PC users. One e-mail Phishing expedition can potentially reach millions of internet users.
So how exactly does phishing work?
You will receive an unexpected e-mail that looks like it is coming from a bank or financial services company. The e-mail will ask you to send account details and sometimes a PIN by return e-mail or will direct you to a web site that is a fraudulent – and often convincing – duplication of the Bank or financial services company's official site.
The e-mail may scare you by saying “your account has been or may be frozen”, “your credit card has been cancelled”, “we are updating our software, please confirm your data”, or any number of other creative ploys. Unsuspecting people who fall victim to these ploys send their personal information and the “phishers”, in turn, commit identity theft and other fraudulent activities, such as withdrawing your money or using your credit card at their leisure.
How can you protect yourself against a phishing attack?
- Remember that no bank will ever ask you for personal, account, or PIN information by e-mail.
- If you need to go to your banking or online service, use your own tried and trusted method (e.g. by using your own link in your Internet “Favorites” or by typing the site's URL into your browser window yourself).
- Never reply to the suspected phishing e-mail to figure out if it is legitimate. Please just delete this type of e-mail.
- If an e-mail looks suspicious, contact the bank cited in the suspected phishing e-mail with a phone number you know to be genuine, to verify if the e-mail is authentic.
- If you wish to use online banking services, please access websites through reliable methods, such as through “Favorites” you have saved, or type the URL directly into the address bar.
- If you are suspicious that a website you log onto is fake, exit it immediately and do not follow any instruction given by the website.
- Do not reply to any e-mail requesting that you disclose personal information, such as a password, account number, or other confidential information, or any e-mail requesting that you update information or confirm the correctness of information.
- Never open an attached link in an email message, especially a message from an unknown source, as there is a high risk of it being fraudulent. Sometimes those links can even appear to be from the Bank's website, but once you click on them you will be led to a fraudulent website. There are no limitations in creating links, and it can be difficult to differentiate between fraudulent and genuine URLs. It is strongly advised that you type the URL in the Web browser by yourself.
- Do not send personal information or confidential financial data to any website if it does not have any security system to encode data because information will be sent just like unencrypted regular mail. If you have to input any confidential information, you must ensure that the website has a security system by looking for a key sign on the browser. Please beware of similar websites created to trick customers into disclosing personal information. You must be sure that the website has notifications about the confidentiality of its information and security systems. You must also read the information carefully.
- Check your transactions. When being informed of account or credit card balances, or receiving confirmation letters, carefully check the amounts and services to see if they are correct or not. Report to the bank immediately if any transaction is not correct.
- Report to the bank immediately if you find any incident you suspect might be an enticement. If you believe that any individual is attempting to deceive you by pretending to represent the bank or other companies within the SCB Group, please contact the SCB Call Center at 02-777-7777 (24 hours a day).
Remember that SCB or its staff will never ask customers to disclose their identity number, PIN or any other confidential information via regular e-mail or on an unsecured web site. If at any time you suspect that an e-mail may be fraudulent, contact the SCB Information Security Division at firstname.lastname@example.org.
An example of the phishing e-mail
Dear ABCDBank customer,
Recently there have been a large number of indentity theft attempts targeting ABCDBank customers. In order to safeguard your account, we require that you confirm your banking details.
This process is mandatory, and if not completed within the nearest time your account may be subject to temporary suspension.
To securely confirm your ABCDBank account details please go to:
Thank you for you prompt attention to this matter and thank you for using ABCDBank!
ABCDBank® Identity Theft Solution
Do not reply to this email as it is an unmonitored alias
A member of ABCDBank
Copyright © 2004 ABCDBank