Friday, 2 December 2011

Realistic Phishing Scams

Phishing emails, which attempt to trick people into revealing personal information, passwords and bank details, are becoming more sophisticated.

Modern phishing emails contain graphics and logos copied from legitimate organisations, use professional language and provide a link for recipients to log into a copy of the legitimate website. However, it's a trap: once you log in, your account details are captured and used by the criminals to log into the legitimate website and get access to your money and to the organisation's computer systems.

Once we become aware of a phishing attack we shut down the link so that it is impossible to access from the University, but by that stage several University members may have already been duped.

  • Be very wary of any email warning that there has been suspicious or unusual activity in your account.
  • Never click on a link in an email to log into a secure service - it's getting too difficult to distinguish between real and fake.

Below are some examples of recent fraudulent phishing emails:

Convincing Halifax Clone

Convincing Barclays Clone

More traditional Student Loan Company Clone

You can see the bank clones are becoming more realistic than the older-fashioned Student Loan Company example, and the fraudsters continue to improve their techniques, making each wave of attacks more convincing than the previous one.

The best advice we can give is never click on a link in an email to access a secure service. Always type the web address you require into your browser directly, or do a web search.