Phishing in your bank account?
Identity theft is one of the biggest problems facing internet users with online banking fraud losses alone totalling £21.4m during the first six months of this year.
One particular swindle involves fraudsters phishing for your details.
Phishing is when criminals attempt to gain our banking details by impersonating our bank and requesting sensitive information.
It usually entails an email asking the customer to verify their information. These emails often link to a website which will look exactly your bank's official website.
You'll be encouraged to enter your details and password into the site which will then be sent to the criminal, who will then have access to your online bank account.
These phishing emails are getting increasingly sophisticated. Some have even begun to impersonate government departments such as HMRC.
Dom's advice - how to avoid falling hook, line and sinker
If you're ever in doubt about an email always contact your bank directly.
Be aware that UK banks will never contact you requesting passwords or to verify account details.
If you get an email addressed to you generically such as "Dear Valued Customer" it's not likely to be from your bank; after all they should know your name.
If you think you have given your details to a phishing scam you should contact your bank immediately.
Click here to visit Bank Safe Online for more information.
In order to see this content you need to have both Javascript enabled and Flashinstalled. Visit BBC Webwisefor full instructions
© MMIX~RS~q~RS~~RS~z~RS~55~RS~)
Comments
My bank recently phoned me and asked me to confirm my name, address and DOB, information that I didn’t give them considering the prevalence of telephone and email scams. I hung up and later phoned my bank in order to ask whether they had just called me for my details and it turned out that the call was indeed genuine. How do you know who to trust? I have a basic rule of thumb and that is: not to confirm anything when asked via email or phone; I find the best thing to do is call, for example, the supposed bank back, to check the authenticity.
Complain about this comment
Working as an IT consultant, I pride myself in knowing how to say safe on the Internet, what to watch out for, and I preach the same to friends and family. However, I very nearly fell foul of a phishing scam yesterday - an email from what appeared to be from PayPal saying my last transaction had failed and would I please "click here" to log into my account for more details. Well I had actually just done a PayPal transaction, I knew my bank account was low, so the psychological advantage was the phishers. Fortunately I realised just in time....but the phishers are getting a lot more convincing, so be careful!
Complain about this comment
By all means do phone your bank to check - but don't use the phone number on the email - look it up or use the number on the back of your card.
Complain about this comment
There is one way to stop phishing emails, everyone who receives one should fill in the details- with total rubbish! Make up names, numbers, contacts etc... If the phishers receive enough rubbish they will be swamped and anyone who has inadvertantly sent genuine information will be diluted by sheer quantity.
Worth a shot!!
Complain about this comment
A couple of months ago we advertised our car for sale in a Japanese car magazine. We received an e mail from a gentleman who said he was based in Switzerland and he wanted to buy our car, without seeing it. He was prepared to pay the asking price along with £4,000 extra to cover shipping and £250 for our trouble. All we had to do was give him our bank details. This got the alarm bells ringing so I took a copy of the e mail to our local police station. They informed me it was a way that thieves use to launder money and on no account should we give them our details. I replied to our 'buyer' telling him I knew what he was up to and I didn't hear anymore from him.
I have also come across a similar scam where people who apply for a job are told they've got the job (with no interview) and all the prospective employer needs is their bank details! We need to be really careful of these scumbags.
Complain about this comment
When I came back from holiday a couple of weeks ago I found I had in excess of 300 junk emails. 75% of these were from banking organisations asking me for details. The amount of accounts I have that have been suspended with banks that I have never been in contact with outstrips the amount of hot dinners I have had. In one day last week I had 9 junk emails from the Abbey requesting my information. I must have reported hundreds of phishing emails to banks. So far - touch wood - I have not been caught out. My advice to you all is the same as Dom - BLOCK AND DELETE. If a banking organisation needs to contact you they will do this by post.
Complain about this comment
What disappointed me about this item was that it was apparently deemed necessary to illustrate an explanation of ‘phishing’ by showing someone ‘fishing’!
Or did Dom Littlewood believe that anyone capable of being scammed like this couldn’t absorb simple, sensible advice given in a straightforward way?
In which case, it’s just as well he didn’t have to explain how he operated his computer with a mouse!
Complain about this comment
Last year I was telephoned twice by Lloydstsb Gold Card Services fraud department. The calls were automated and a recorded voice demanded that I provided security information commencing with my date of birth as part of their security measures. I never discovered the other 'measures' as I hung up.
I telephoned Lloyds' card fraud department and was told the call was genuine and they used such calls as they were 'quicker' than other forms of contact.
I retorted that I considered their system to be totally irresponsible and went against all the teachings, instructions and recommendations of just about every legitimate agency in the land. The employee was unrepentant.
I then rang my manager at Lloyds Commercial section and he was quite aghast.
To my knowledge Lloyds are still ringing people out of the blue and demanding their personal details.
I would suggest that this would be one of the easiest phishing scams of all to set up if only anyone unscrupulous happened to think of it.
Jonathan Neville
Complain about this comment
I send any scam e mails I get to the supposed bank they came from. They should try and stop these scams from finding out from where they might have oringnally been sent from in the first place. I then delete them from my computer.
Complain about this comment
Hi Dom
I have received my renewal quote from Budget Car Insurance. To my horror I see they have put my bank account number at the bottom of the page. I rang Budget to be told that they do this for everyone so that we can let them know if the details are incorrect. The top of the page shows my name and address so I doesn't take a mastermind to work out what a criminal could do with that information if my renewal quote has gone astray. Would be grateful for your comments on this one. I wonder if I am the only one who has noticed this or whether any other insurance companies do the same?
About 8 year's ago my Mother was the victim of identity fraud. After my father died we put their house up for sale. I happily showed people round the house. A short while later my mother received a letter chasing her for money owed on a mobile phone account that had been set up in her name. She had never had a mobile and the letter was addressed to Miss P Brooks instead of Mrs. I rang the police, bank and the company concerned. It turned out that there was a gang going round viewing houses for sale and they were picking up utility bills and using them to set up fake accounts. We were lucky that the phone company accepted what we said and the case was closed with no stain on my mother's character. In this time of credit crunch when people are putting houses up for sale please let everyone know what happened to my mother and warn them to stay with prospective buyers as they go round and to lock away all important papers and anything with your name and address on.
We think you do a fantastic job. Keep up the good work.
I would be more than happy to contribute to the show about either of these things.
Kind regards
Antoinette Monks
Complain about this comment
Hi Dom,
I just wanted to say a big Thank you to you and the One Show team as I have only recently gone back to online banking after a break of 8 years or so. Until now I hadn't a clue about this scam at all.
I was casually scanning my 'Spam' folder when there it was an e-mail supposedly from my Bank. I had a good look at it and then I confidently deleted it.
Having logged onto my Online Banking Server later, I received a large warning from them that they were not ever going to send me an e-mail unless I has specifically requested them and that they would actually use my name and only one e-mail address.
What I found most illuminating about the bogus e-mail was how many different e-mail addresses they had actually sent to before it had landed into my 'Spam' folder.
As I am one of those extremely naive people who it would not have occurred to me that criminals could ask me to empty my own bank account, I am extremely grateful for your timely piece of research.
Yours sincerely,
Sian Lloyd
Complain about this comment
how do these phishing folk get the email address to send them. im very careful about who i give my email address to and for the last 2/3 months have been bombarded with false emails,claiming to be from banks ,catalogue companies,holiday firms, and i do know these are false as i changed over all my important/personal websites to another email address and im still getting them sent to my other address. i reported the bank ones and a couple of others.its weird as they claim to be from companies i do have. yet if you read the actual email addresses there is always a different letter or word ,can these people hack into your computer to get these details.its made me very wary now about ordering and paying for goods over the internet. many thanks mh
Complain about this comment
About 4 hourd before your item on phishing went out, I fell foul of phishing and gave away all my details to what I believed was my internet bank. I thought no more about it, until watching the One Show later that day. After checking the original Email - my name hadn't been used, so I phoned my bank. Luckily no money had been taken from my account and all passwords etc have been changed after running anti-spyware through my computer. I felt such a fool for falling for this scam. I shall be very wary of Emails from banks from now on. But thanks to the One Show, as without it I wouldn't have spotted my error.
Complain about this comment
I just wanted to point out that phishing is pronounced phi-zing not fishing, thought it was funny when it was constantly said wrong.
It originally start sometime in the 60's or earlier when things know as 'blue boxes' or 'black boxes' were placed inside telephone risers to make telephone bills null and void, and in the usa not in the uk.
you can easily spot the fake emails anyway, all you need is for the status bar in windows mail program to be on. and when you place your mouse cursor over the link the status bar will say where the link is going, and you can then read that the link actually isn't going to your bank. I've got one for tsb it looks official, I don't have a tsb account the link is not going to tsb its going (using whois site for web address) to somewhere, the web address is not in the uk so its not tsb. (it actually in the end traced to a single person living in australia, and the domain is on a canadian server)
Complain about this comment
i missnicelady this week have had 2 emails claiming to be from credit reference agencies to my email address but addressed to my partner and i know for a fact these was spam mails as he isnt registered with that one and the one we are registered to hasnt sent me any as i emailed them about it and the so called company i got this one from i got there email address and reported it. like i said how on earth do these people get mail addresses. i found this one quite creepy.
Complain about this comment
Are you liable if someone steals your
identity to obtain a store card and runs up a huge debt ?
Complain about this comment
Are you liable if someone steals your
identity to obtain a store card and runs up a huge debt ?
Jim H
Helensburgh
Complain about this comment
Hello Jimh99. Unfortunately, the onus is on victims of identity theft to prove that they've become victims of this type of crime (a case of "guilty until proven innocent"!). Therefore, you would be liable for the debt unless/until you were able to prove that someone else had used your identity to obtain the card fraudulently. In reality, this should be easy to prove as the identity thief would have had to sign an agreement to obtain the store card and you would be able to demonstrate that their signature does not look like yours (unless, of course, they've actually managed to get hold of an example of your signature and done a good job of copying it!).
Complain about this comment
It isn't just "your bank" asking for "confirmation". Here's a fun story with a twist.
A year or two ago I got a call from British Telecom, and a very polite person (with a rather heavy Indian accent) informed me my account was overdue, and asked if I could pay by card. My account was in fact overdue (priorities, priorities), I knew that, so my automatic reaction was to just get it over with. I had already started reaching for my wallet, when bells started ringing.
I told him I didn't have my card with me, and he very politely pointed out that my telephone would be disconnected if they didn't receive payment now. Darn ...
I asked if I could call back a little later, but he said that was not possible, and went on to say that in addition to being without telephone for many days, I'd also have to pay a reconnection charge if I didn't pay now. Eeeck!
I insisted that surely it must be possible to call them back in half an hour or so, but he stated they had a lot of work and didn't have time to discuss the matter further, they needed payment now, and if I couldn't pay, my telephone would be disconnected immediately.
I decided to try to call his bluff, and asked "How do I know who you are? How do I know you're not somebody trying to steal my card details?"
He lost it completely, shouting down the phone "You should not ask questions like that, I am only trying to help you, you should not treat other people like that, if it wasn't true how would I know your account is overdue ..." etc. Heh, gotcha. Gleefully, I hung up and carried on with my business, in the process receiving a couple of routine calls -- perfect, everything was in order.
Half an hour later my telephone was dead. Calling BT on my mobile I was told it had been disconnected due to non-payment.
I never managed to find out if this was a coincidence (people -do- win the lottery, don't they?) or if I was simply faced with a rude call centre employee, but callee beware: you can never be sure, one way or another, who's on the other side of that call.
-- Greg, London
Complain about this comment
Last night whilst buying an Ebay item using my Paypal account I was told that I must undergo a routine security check. I was asked to submit my entire bank account number and credit card number, change my password and create some new security questions and answers.
This was a genuine request from Paypal who "are a leader in security technology".
I cannot believe they can be so irresponsible. Their computers may be as safe as houses but it doesn't mean mine is.
Every other bank I deal with tell me that if you receive a request for that sort of information, it is safe to assume it is bogus.
Complain about this comment
View these comments in RSS