Protect yourself from phone and internet phishing scams

Criminal activity has become increasingly technology-based, so it’s a very good idea to educate yourself on how to keep your money safe

Have you ever received a text message, email or phone call for someone looking for your bank or card details and deep down something about it doesn’t feel right? Or maybe everything seemed fine until your credit card bill went through the roof? These seemingly innocent messages inform you that you’re owed money or due a refund, or offer to make your computer or account more secure.

Phishing explained

Unsuspecting people who follow through on such messages by divulging information, or click on a link and enter the requested details, are victims of ‘phishing’. Phishing is a play on the word fishing and refers to criminals luring unsuspecting customers with bait – usually a promise of money – in exchange for personal/financial details. These scams are often highly credible, such as people receiving emails that appear to come from their bank asking them to confirm banking details. A lot of customers end up handing over their log in details to crooks. Phishing scams have evolved in a very sophisticated way from the obvious spam emails telling you that you’ve won the Spanish Lottery, or that the crown prince of a foreign country wants to transfer thousands into your bank account.

Phishing, smishing: the rise of fraudulent text messages

With the widespread use of smart phones has come an increase in text messages (SMSs) attempting to fool people into divulging their credit card details. This is called ‘smishing’ and this is how it works:

  • a person receives a text that looks like it’s from a brand they know and trust
  • rather than being from a phone number it will say the brand name
  • the text is automatically grouped in a 'thread' of other messages from the same brand name so the text looks genuine
  • the text may have a message with a link to a website
  • when they click on the link it goes through to what they think is a genuine website and looks like the real website
  • the person is asked to enter details, such as logging in or inputting their bank or credit card details
  • they enter their log in details for the real website on this dummy website or they enter their credit card details
  • criminals now have their personal details to defraud them of money

Why and how you can fall for this trick

Fraudsters easily fool people because they label the text message with a genuine brand name and have a link in the text that people can easily access due to their smartphone’s internet capability. Another hook/bait is the urgency of the message, or a promise of a refund or cash giveaway.

Steps to avoid a phishing scam

Nobody, it seems, can avoid phishing attempts. But you can stop and think before you act on any request for personal or financial information. If you’re concerned about an email, text or phone call from somebody asking for personal or financial details you don’t have to respond. Hang up the phone, don’t reply to the text or email and don’t click on the link provided. You can also:

  • contact the main customer service number or email for the company mentioned to verify the request
  • go directly to the main website and log in as normal

Know a scam when you see one

We’ll use the example of a text message claiming to be from DoneDeal.

What a phishing/smishing attempt might look like:

So, you get a text message or email on your phone that says on the label it’s from DoneDeal. It tells you that you’re owed a refund and asks you to click on a link to bring you through to the site.

Our advice:

Ask yourself: Have you ever placed a DoneDeal ad? Did you even pay for your ad in the first place by credit card? Remember – DoneDeal only asks customers paying by credit card for their details once and that is when the customer is paying for an ad.

 The first step NOT to take:

You click on the link and a page which looks exactly like the MyDoneDeal login appears. You log in and are asked to insert your credit card details.

Our advice:

Before you do this stop and ask yourself: Why is DoneDeal sending me a text with a link to log in? We will never do this. However, it’s also useful to understand what the proper DoneDeal web address looks like. This is what it looks like from a computer:

 

Note the green padlock and the ‘s’ in https? That stands for security. This is what it looks like from an iPhone:

For it to be a proper DoneDeal web address it needs to have ‘donedeal.ie/’ in the address bar; if the ‘.ie’ is followed by another word or letters followed by a ‘.com’ or something else, then it’s not donedeal.ie. Always ask yourself: Is the web address the normal DoneDeal web address?

The second step not to take

You insert your credit card details. Again ask yourself: Did you even pay for your ad by credit card? Our advice: Remember – DoneDeal only asks customers paying by credit cards for their details once and that is when the customer is paying for an ad. We have no reason to ask any customer for their credit card details at any other time, or through another link. You should only ever enter your credit card details if you’ve gone directly to the DoneDeal site, or smartphone app, and are placing an ad.

Other forms of phishing

By phone

Whenever you contact your bank or utility company they ask you for details that will confirm that you actually are the account holder. Have you ever thought of asking a caller for information to confirm that they are who they claim to be? If someone phones you looking for details – even if they know your name and address – you can call them back. Just phone the main headquarters or customer service number for that company. In one widespread phone scam criminals posed as computer security engineers and phoned people at home to tell them their computers were at risk from a security threat. They managed to log into personal computers and run deception techniques. People who fell for the scam told a Microsoft survey that :

  • money was taken from their accounts
  • their passwords had been compromised
  • they were victims of identity fraud
  • they suffered subsequent computer problems

The premium rate foreign number scam

In early 2013 many people around Ireland reported receiving a missed call from a foreign number with the prefix +386 which many people mistook as being an unknown Irish 086 mobile phone number (+353 86). It was in fact a premium rate Slovenian number. The bottom line is to stop and think before you respond to any phone call, email or text message asking for personal/financial details or asking you to log in to an account.