The term “phishing” refers to the practice of using the internet to “fish” for sensitive personal information like passwords or user names. Today, phishing attempts are rampant.
Phishing attempts strike a particularly sensitive nerve when they target bank or credit card information. In a worst case scenario, the stolen data can be used to plunder your entire bank account or to make credit card purchases at your expense.
The most well-known phishing method involves sending emails which, to the recipient, appear to be sent from their bank or credit card issuer. These communications generally prompt the recipient to enter their user name and password on a bogus website. Typically, the message indicates that the user’s current password needs to be updated for security reasons.
In many cases, users are led to believe that passwords must be changed within a limited timeframe, and are then prompted to enter their sensitive bank information.
Phishing: bogus emails
Phishing emails pretending to originate from Swiss banks like UBS, Credit Suisse, various cantonal banks and PostFinance are currently running their rounds across the net.
When email addresses are carefully selected by phishers for a specific purpose, such as sending you a bogus email from your local bank, the term “spear phishing” is used.
“Whaling”, on the other hand, targets big fish or “whales”, such as C-level managers, and is often carried out more professionally.
Phishing methods are becoming ever more refined. Trojans, pieces of software designed to install themselves on your computer or device, allow third-parties to access your devices. Trojans are often spread in mass via email and online activity. These programs can act as “middle men”, intercepting data transferred between you and your bank. The stolen information can then be used to access your bank account.
7 ways to protect yourself from phishing attacks
- Just checking the email address from which an email was sent is not a sure way to prove who sent the email because sender addresses can easily be manipulated.
- Phishing emails often include an urgent request of some sort, or questionable information requests. Less professional phishing attempts may use impersonal greetings (“Dear customer…”) and can, in the clumsiest attempts, even include typos in the text.
- Swiss banks never send emails to customers requesting sensitive personal, banking or credit card information. If you receive this kind of email, delete it immediately.
- If you have any doubt about the authenticity of an email, make sure you do not open any possible attachments. These can contain destructive software.
- Make sure to contact your bank by phone if you aren’t sure whether or not a request actually came from them. Use the bank’s official phone number. Do not use any phone numbers indicated in emails.
- Keep your anti-virus programs up to date. A good antivirus program should be able to identify most Trojans.
- Only use online banking services if your bank offers up-to-date security software.
The moneyland.ch team