What is phishing?
Scammers try to get your personal details like bank account and credit card numbers, usernames and passwords from you. If you are fooled by the scam and give them your details the scammers can use these to steal money from your bank account, spend money on your credit card or steal your identity and take out loans in your name.
Phishing scams can happen through email, a website, instant messaging or through social media like Facebook and Twitter or even over the phone.
Some examples of phishing scams include:
- You get a phone call from someone claiming to run an online service that fixes problems with PCs. They may even say they are calling from a well-known IT company like Microsoft. The caller claims that your PC has a virus, system crash or that it has been hacked. They then say they can resolve the “problem” remotely if you give them your credit card details and/or remote access to your PC. You should not give any details to the caller. Just hang up.
- You get a legitimate looking email that looks like it came from your bank, government department or other legitimate organisation, asking you to update or confirm your personal financial information or telling you there has been some unusual activity on your credit card or bank account. You could be asked for your bank account number, PIN, credit card number, or internet or phone banking login details. Your bank will never ask you for your personal details in this way. Do not reply.
- You get a email from an organisation you have never dealt with before saying that they have money for you from the sale of shares or a lottery win. It asks you for your bank account details so they can lodge the money. Sometimes you also get a phone call after you receive the letter. Again, do not reply to these contacts.
Ask yourself some common sense questions
- Why would a genuine bank or internet service provider ask you for your personal details in this way?
- Why does a website looking for your personal information not have basic security features? A secure website will have an address beginning “https:” rather than “http:” and a “lock” symbol should show up in the bottom right-hand corner of your web browser. If you double-click on this “lock” icon a security certificate should appear. If the name following “issued” isn’t the name of the site, the site may be a fake.
- Why would a utility provider contact you to tell you there is a problem and not the other way around? If there is a problem with something like your broadband, gas or electricity, the first person to know will be you.
Who to contact
- If you get a suspicious email from your bank or other service provider use the phone rather than email to contact them at their official number, and ask what’s going on. Take their advice if they tell you to change any of your passwords.
- If this is a case of phishing, alert the Gardaí
- Forward the message to the service provider’s abuse address (for example, if the email comes from a Hotmail account, you should contact firstname.lastname@example.org)
- Alert your family and friends to the scam