[This article was originally published on cba.ca - Uploaded by AIRS Member: Joshua Simon]
Phishing scams, or email fraud, are as old as e-mail itself. The scams are all attempts to get you to volunteer your personal information to criminals or to install malware on your computer or mobile device. Criminals attempt to fool you by sending email messages that point to fake websites. The email you receive may look real, with company logos, links, and branding, but when you enter your information into the website, that sensitive data is handed right over to criminals.
Is it a scam?
Here are a few ways to spot a phishing attack:
- Is the information request legit? Your bank will never send you an email, or call you on the phone, asking you to disclose personal information such as your password, credit or debit card number, or your mother’s maiden name.
- Does the email have a sense of urgency? Warnings that your account will be closed or your access limited if you don’t reply are a telltale sign of a phishing scam.
- Does the email look professional? While some fraudulent emails may look professional at first glance, if you look more closely you may notice spelling and grammatical errors, unusual language or branding that isn’t quite right.
- Fraudulent emails may not be personalized and are instead addressed in general terms, such as "Dear valued customer." Targeted phishing scams do exist, though, and can be personalized.
Many organizations can be, and have been, the targets of phishing scams, including banks. Check out these examples of some recent email scams:
What banks are doing to protect you from phishing
Banks take extensive steps to protect your personal information entrusted to them and to help you protect it as well. It is important to remember that fraudulent e-mails sent out by criminals may look like they come from banks, but they are not connected with banks at all.
Banks have teams of security experts working behind the scenes to find these fraudulent websites and shut them down as soon as they are detected to prevent any of their customers from becoming victims of fraud.
Consumer education is also one of the best ways to stop phishing and prevent customers from inadvertently disclosing their personal information. Most banks have information available on their websites providing practical tips on how to protect yourself and your money. Check with your bank for tips and information. Click the links below to be connected to the phishing pages on individual bank websites.
- BMO Financial Group
- CIBC
- HSBC Bank Canada
- Laurentian Bank of Canada
- National Bank of Canada
- President's Choice Financial
- Royal Bank of Canada
- Tangerine
- The Bank of Nova Scotia
- TD Bank Group
How to avoid e-mail fraud
There are some simple steps you can take to avoid becoming the victim of phishing and e-mail fraud:
- Be skeptical. Fraudulent e-mails can look like they come from a real bank e-mail address. If you have any doubts about an e-mail that looks like it is from your bank or a reputable company, contact them before responding to ensure that it is legitimate. But don’t use the toll-free number, e-mail address or website address provided in the e-mail: they may link you to the criminals rather than the bank. Use a phone number, e-mail address or website address that you know is correct.
- Never send personal and/or financial information by e-mail.
- Always enter your bank’s website using the website address (URL) that you know is accurate. Contact your local bank to get the correct website address if you're unsure.
- Regularly review your bank and credit card statements to ensure that all transactions are authorized. Also check your credit report at least once a year by contacting credit reporting agencies Equifax Canada and TransUnion Canada.
- Check the domain name shown as the link in the e-mail. If, after you click the link, it does not match the name that appears in the browser's address bar at the top of the screen, then it may be a fraudulent website.
- Make sure that your home computer is protected. Install anti-spam, anti-spyware and anti-virus software and make sure they are always up-to-date. You should also install a personal firewall to act as a barrier to viruses and other external attacks and check for operating system patches and upgrades on a regular basis.
If you receive a phishing e-mail, there are two things you should do: report it and delete it. By reporting any fraudulent e-mails you receive to the bank or other company being spoofed, you can help us prevent other people from falling for e-mail fraud. To report a fraudulent email, be sure to send the email as an attachment.