What is Phishing?

Phishing (also known as phising) is the practice whereby a fraudster who is pretending to be from a legitimate organisation, sends misleading emails requesting personal and financial details from unsuspecting people.

If the information is supplied to the fraudster, identity theft (where the fraudster pretends to be the account holder) usually occurs and money may be transferred away into the fraudsters account or used directly to make online purchases. Phishing is predominately associated with spam, whereby thousands of messages are sent out at once in the hope that a few people will be caught and supply their financial and personal details to the fraudster.

Computer viruses and spyware can also aid in spreading personal details throughout the Internet. Phishing was first identified in hacker circles in 1996 and became a major issue in auction sites such as eBay and payment gateways such as PayPal. In recent years, phishing has become more sophisticated and many financial institutions (including banks) clients are falling victim to the fraudulent practice.

What does a Phishing Email Look Like?

The following is an example of an email containing phishing information. All the information is invalid and designed to source financial information from an unsuspecting account holder. The email was not sent from the bank as it indicated, but rather from a fraudster, pretending to be from the bank.

========================

From: U.S. Bank Association [service@usbank.com]
To: webmaster@netalert.net.au

Dear U.S. Bank valued member,

Due to concerns, for the safety and integrity of the online
banking community we have issued this warning message.

It has come to our attention that your account information needs
to be updated due to inactive members, frauds and spoof reports.
If you could please take 5-10 minutes out of your online experience and renew
your records you will not run into any future problems with the online service.
However, failure to update your records will result in account suspension.
This notification expires on May 20, 2004.

Once you have updated your account records your internet banking
service will not be interrupted and will continue as normal.

Please follow the link below
and renew your account information.

U.S. Bank Internet Banking

========================

Similar emails can appear to come from popular Australian financial institutions such as the major banks and financial institutions.

How to Avoid a Phishing scam

There are some simple rules that you can follow which will help you stay protected from phishing:

• Never respond to an email that asks for personal or financial information, even if appears to be from your bank.
  
• Always call your bank by phone or visit them in person if you wish to update your financial and personal details.  Never send this information electronically.
  
• Regularly check your computer for viruses and spyware to ensure that your system is not being scanned for personal details without you knowing.
  
• Determine who you need to contact in an emergency if you feel you have become a victim of phishing.  Reports may need to be filed and accounts temporarily closed.
  
• Keep close check of your financial statements to see whether there are any unexplained transactions.
  
• Understand your rights in relation to online fraud.

For more info on phishing threats, visit the following website:
http://www.webopedia.com/DidYouKnow/Internet/2005/phishing.asp