Est. Reading Time: 4 minutes
It can sometimes be difficult to determine if a message purporting to be from your bank is legitimate or is an attempt to steal your personal information. Wikipedia.com defines phishing as, “the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from PayPal, eBay, Youtube or online banks are commonly used to lure the unsuspecting.” Our anti-spam firewall processes over 100,000 messages a day so I get so see a lot of quarantined and blocked email messages that have tried to phish for personal information.
Since phishing emails are sent out in bulk to purchased or stolen email lists, it’s more likely that you don’t do business with the company named than that you do.
Here are some of the things to check before responding to any messages that claim to be from your bank.
1. Is it really from your bank? I have seen hundreds of messages from different banks and received many with whom I don’t do business. If it’s not your bank, it’s probably a scam.
2. Does the message look professional or that the sender is comfortable and competent in the messsage’s language? Look for spelling and grammatical mistakes. If there are mispelled words, awkword sentence structure, misplaced punctuation, then the message probably didn’t come from a legitimate source.
3. Does the salutation contain your name or is it a generic message sent to “Account Holder”, “Valued Customer”, “Dear Bank Member”, etc? Your bank should know your name.
4. Does the message ask you to send your personal information, either by responding to the message, or by fax, or even telephone? I’ve never seen a legitimate company send an unsolicited request for personal information.
5. Does the message contain dire warnings about locking, closing or deleting your account? Scam artists try to scare you into acting without thinking. Take a deep breath and review all the other items on this list.
6. Should you follow the link to the web site? Even if the URL on the page looks legitimate, take the time to look for these telltail signs of fraud:
- Pausing the mouse over the link shows a different URL than you would expect for the web site.
- Does the URL contain a numeric address (for instance: http://10.100.10.151/login.html)?
- Does the URL have a misspelled company name (http://secure.bnkname.com/ instead of http://secure.bankname.com/)?
- Does the URL have an altered name (http://secure-bankname.com/ instead of http://secure.bankname.com/ Notice the ‘-’ and’.’ in front of bankname.com)?
- Does the message claim that the link is secure (using SSL) and your data is safe? The URL should start with “https://”, not “http://”; notice the missing ‘s’?
If, after all the above, you’re still not sure if you’re being scammed, pick up your phone book (don’t use any telephone numbers in the message) and call the institution. You can be reasonably sure that if you call them, you’re at least talking to a legitimate company. Mention that you received a suspicious email and want to verify that the message is legitimate.
You can also visit the institution’s web site (don’t follow the links in the email; open a browser and enter the web site’s address in the browser address bar). The institution’s web site will have a Contact Us form where you can ask if the information you received is legitimate. You can also log into the site and verify your account information.