everythingleeds.myfastforum.org Forum Index

Phishing - Warning

cardboardbox?Youwerelucky
Niiiiii..!!


Joined: 16 May 2007
Posts: 1854
Location: lincolnshire

Posted: Wed Nov 28, 2007 2:43 pm    Post subject: Phishing - Warning

Not a new thing I know but bear in mind the last few paragraphs

Gone Phishing

There cannot be anyone in the country who is unaware of the loss by Her Majesty’s Revenue & Customs (HMRC) of the bank account and other personal details of 25 million people. So far there is no indication that these details have fallen into the hands of fraudsters, but clearly that is a worry concerning everyone affected.

What has not really hit the news is a disturbing increase in the number of “phishing” and “419” e-mails that appear to originate from HMRC. I stress “appear to”. In case there is any doubt on the matter, HMRC is not taking a leaf from the book of Nigerian and Russian criminal gangs to add to the Treasury’s coffers.

No doubt you and your staff have received numerous e-mails from apparently upright businessmen offering to pay you several million dollars if you will aid them in moving vast amounts of money out of the corrupt regime in which they have been accumulated. The 419 fraud (so named after the section of the Nigerian Criminal Code which outlaws it) is by now so well-known that the fraudsters must be having great difficulty finding anyone gullible enough to be taken in by the original version. One way in which the criminal gangs can keep hoodwinking their victims is by changing the story and apparent source of the e-mail. An official looking e-mail from HMRC causes many victims to send in payments of tax on lottery winnings in the belief the tax office will then release their winnings. As an experienced financial adviser you are aware, I am sure, that there is no tax on lottery winnings, but the victims do not realise this.

But the fraud which is likely to overtake the 419 scam in terms of the total losses suffered must surely be “phishing” in its various guises.

What exactly is “phishing”? How can you recognise it, what financial damage can it do, and how can you protect yourself and your business against it?

“Phishing” is a form of social engineering, designed to trick you or your staff into giving away confidential information which can later be used for profit by the scammer. Most people seem to have a natural predisposition to answer any question they are asked, especially if the questions seem to be coming from someone in authority. You may have heard of the psychological experiment where commuters emerging from underground stations during the rush hour were asked by students to reveal their user name and password for their company computer system. A surprising number happily gave the answer without even questioning why they should do this. Criminal gangs have cottoned on to this tendency and exploited it through “phishing” e-mails.

Typically, you will receive an e-mail from a financial institution such as a bank asking you to fill in such details as your account number, the password you use to access your account online, and perhaps also the “secret question and answer” used by the bank to test your identity if, for example, you forget your password. The e-mail will usually look just as though it genuinely came from your bank, with the correct logo, address, telephone number etc displayed just as it might be on an e-mail your bank would send. Except, of course, your bank would never ask you to confirm sensitive information like this by e-mail.

Usually there will be a link in the e-mail which apparently takes you to a page on your bank’s website. The address showing on the link will look genuine, but it is not. You will be taken to a site especially created by the scammer to lift enough details from you to enter your account online and spirit all your money away before you or the bank know what is happening.

Up until now, banks have usually covered the financial loss, as they do not want their customers to lose confidence in internet banking. But that attitude is changing fast. Too much money is being lost to the scammers, and more and more institutions are checking that the customer has not been careless before agreeing to any recompense. As long ago as late 2004, APACS (the UK banks’ trade association) issued a statement that contained the significant sentence “Customers must also take sensible precautions, however, so that they are not vulnerable to the criminal.” If you do not take those precautions you may get little sympathy from your bank and could lose every penny you have to the scammers!

As people have become more aware of this scam, the fraudsters have started shifting their efforts to government departments such as HMRC. Someone who would not dream of e-mailing confidential information to a bank may well happily answer all the questions they think they are being asked by the tax office.

So, how can you recognise a “phishing” e-mail?

Frankly, be suspicious of any e-mail that asks for any sensitive information. I never respond to such e-mails and have never found I have ignored a genuine request from one of my banks or a government body.

If you really do want to respond, here is how.

If it is from an institution you recognise and already have dealings with, contact them directly. Not by clicking on a link conveniently supplied in the e-mail. Not even by telephoning a number supplied in the e-mail. Look up the number in your own contact system or address book – or the white pages or yellow pages – and speak to them directly. Almost certainly you will discover they never sent the e-mail in the first place.

If it is from an institution you do not have dealings with, then I would question why you would wish to respond at all. But if, for some reason, you insist on responding, again look up the number in the white pages or yellow pages and speak to someone there direct.

“Phishing” scammers know their scam is likely to be short lived. The bank or other institution (eBay for example) will quickly become aware of the campaign and alert their customers to it. A “phishing” e-mail will therefore probably give a very good reason why you have to act quickly. For example, a statement that your account has been compromised and will be frozen until you provide the required information to prove your identity. A statement like this is a dead giveaway – you are being “phished”. In the case of an apparent tax rebate promise from HMRC, the e-mail will often say there is likely to be a delay in processing your refund unless you respond before a very early deadline. Again, a clear sign of “phishing”.

What can you do to protect yourself against “phishing” scammers?

Your key defence is simply to ignore any e-mails asking for any sensitive information.

Equally important, ensure your staff are aware of the problem. Send this e-mail around to all staff with an instruction that they must read it. You may prevent them from being tricked personally, for which they will no doubt be grateful. But they will also now not be tricked into giving away company bank account information or other sensitive commercial information just because it looks as though the e-mail requesting it has come from a reputable source.

For more information on some of the current “phishing” and “419” e-mails that purport to be from HMRC, visit http://www.hmrc.gov.uk/security/fraud-attempts.htm.

I hope you and your staff find this information helpful, and perhaps are able to use it to ensure you or your business do not fall victim to the latest wave of scam attacks originating predominately from the Russian mafia.



_________________


BOXYS BAR - LIQUER UP FRONT AND POKER IN THE REAR
raveydavey
David Batty


Joined: 12 May 2007
Posts: 1927
Location: Leeds Yorkshire England

Posted: Fri Dec 07, 2007 4:35 pm

Quite right.

Also beware of a new scam "Phlashers"

This is where you are sent an unsolicited e-mail asking you to click on a picture of a man wearing a trenchcoat.

Twisted Evil



_________________

Shhhhhh! It's a secret:
Secret Leeds!
eddiesleftfoot
Jack Charlton


Joined: 27 May 2007
Posts: 147
Location: Cheshire

Posted: Sat Dec 08, 2007 1:06 pm

Thought that was a link for Tv 'tec Columbo Very Happy



_________________
Down but not out
raveydavey
David Batty


Joined: 12 May 2007
Posts: 1927
Location: Leeds Yorkshire England

Posted: Sun May 11, 2008 10:10 am

Beware of the latest scam - "Pharming".

This involves getting paid vast wads of government cash NOT to grow any crops. This also allows the "Pharmer" to swan about in £50k's worth of Range Rover whilst claiming he's skint and the government hate him.



_________________

Shhhhhh! It's a secret:
Secret Leeds!
All times are GMT - 1 Hours