Alison Treadaway, MD of messaging specialist, Striata SA, says the only long-term antidote for phishing is education, and therefore getting coverage on a programme like Carte Blanche is ideal. “Teaching consumers to differentiate between a valid e-mail and a fraudulent e-mail is critical in the war against e-mail scams.”
There are three different levels of sophistication evident in the fraud attempts seen over the past six months.
Spray Phishing, the most basic of e-mail fraud, involves blasting out a generic spam mail to every e-mail address the fraudsters can find. An example of this is e-mails informing you that you've won a lottery, or that you could be a beneficiary, or could stand to inherit some money. The catch is that you need to supply your details and possibly produce a down-payment of some kind in order to collect the funds. There is no personalisation or branding in the e-mail, and often there are spelling and grammar mistakes.
Treadaway explains: “Spray phishing has been going on for years. It's a numbers game: if the fraudsters distribute enough e-mail, they are bound to find someone who will fall for the scam. Most often, the victims are new Internet users who are excited to receive an e-mail and innocently respond, allowing the scam artists to open up a dialogue.”
The next level of scam sophistication is called User Phishing. The e-mail comes from a recognisable brand and requests a legitimate sounding action from the recipient. Banking brands in particular have been targeted with these scams, as fraudsters become increasingly good at copying legitimate communications in order to dupe the bank's clients.
“We have seen e-mails that are perfect replicas of valid bank communications, ranging from the graphics and Web links to the wording. The only difference is when you click through via a link to complete the “action”, you land up on a fraudulent Web page,” says Treadaway.
The third and most sophisticated type of scam to emerge is Spear Phishing - targeting specific individuals or organisations. The criminals behind the scam have done their homework and know enough about the target to appear legitimate. Using social networking sites, free e-mail services and any other information they can find on the Web, the fraudsters craft a customised communication that they target at a specific individual.
“The e-mail may be addressed to you by name, it may contain information about someone you know and it will most certainly ask you either for money (to bail out a friend in trouble), to input your banking information, or just to open up a dialogue.”
Treadaway says there is no foolproof way to protect yourself against phishing attacks, other than being vigilant about your online activities and staying informed.
Follow these key guidelines to ensure that you do not become a victim:
* A bank will never send an e-mail requesting your personal security details. Any communication that asks you for your login, PIN or password is a scam.
* If the e-mail is digitally signed (look for the red rosette), check the signature to make sure it comes from the right sender.
* Before clicking on a link in an e-mail, mouse-over the link and check the URL. If the URL does not conform to what you would expect, i.e., www.bank.co.za, do not click on it. Rather type the correct Web address into your browser.
* Secure banking sites will publish a Web certificate that shows as a padlock next to the address bar in your browser. This proves that you are entering a secure site. The correct URL, coupled with the presence of the padlock, is an indication that you are entering the legitimate site. There are Web sites on which you can verify the owner of a URL.
* To avoid the risk of downloading spyware or malware, change your Internet security settings to always ask for confirmation before downloading anything to your computer.
* Use anti-virus and anti-spyware software and make sure you keep them up to date.
* There are many sites and blogs that discuss phishing attempts. Copy and paste the content of the suspected e-mail into a search engine, and if it is a known phishing attempt (you will most likely not be the first to receive it) there will be lots of information and discussion about it.
* Use common sense: if the e-mail content seems too good to be true, then it probably is. Be cautious about opening unknown attachments or downloading any files, regardless of who sent them. Don't e-mail your personal, financial or password information, ever.
Striata
Striata's Secure eDocument Delivery and Email Bill Presentment and Payment (EBPP) are solution sets that deliver a rapid reduction in operational costs, quicker payments and an enhanced customer experience.
Striata revolutionises the way bills, statements, policies, collection notices, letters, paystubs and other high volume system-generated documents are delivered and paid. Registration requirements are eliminated by e-mailing feature rich, interactive, encrypted documents directly to the inbox and enabling innovative 1-click electronic payment from within the document itself. Direct e-mail delivery of bills and statements dramatically increases customer adoption of electronic documents, paper turn off and ePayments. This enables Striata's clients to achieve rapid ROI; complement their existing self-service and e-communication strategies; significantly reduce paper output and to meet their carbon footprint/environmental impact targets.
As a leading international provider of electronic messaging since 1999 with more than 200 blue chip customers, Striata has operations in New York, London, Sydney, Johannesburg, Hong Kong and partners in North, Central and South America, Europe and Asia Pacific. Web site: http://www.striata.com