Phishing for your funds
17 March 2005
Phishing for your funds
"May I steal your bank account details and money, please?" We all know exactly how to respond to a question like this, no matter how genuine or polite the caller sounded.
"When the same question is disguised in 'phishing' emails or calls, however, many consumers fall hook, line and sinker", said Liz MacPherson, General Manager of the Ministry of Consumer Affairs.
Using trigger words and phrases to attract attention like 'WARNING - Security breach of your account', or 'Account Verification Required', 'Account Suspended' and 'Billing Error', these scams prey on a consumer's desire to protect their personal assets.
"These words are carefully chosen to obtain one particular response - for the consumer to open the email and respond immediately without pausing to think," said Liz MacPherson.
Phishing scams send customers an email out of the blue, apparently from a New Zealand or Australian retail bank seeking personal banking information or confirmation of passwords. The link within the email takes consumers to a website designed by the scam operators to look exactly like the bank's authentic website.
Phishing is not a new phenomenon. What is new is the intensity and technical sophistication of these scams. They not only trick people into disclosing personal details such as PINs and passwords, but clicking on the email link can upload dangerous code onto the consumer's computer, designed to continually capture personal information.
"Scammers are also using 'spoofed' websites that look authentic, making their whole package seem genuine and urgent to people", said Deborah Battell, Director of Fair Trading for the Commerce Commission. "It is important to note that phishing emails or calls do not only come from banks or other financial institutions. Online auctions have also been targeted."
Banks strongly advise consumers do not respond to these emails and inform them of any that appear. Banks do not communicate with customers through email, or request personal information in an unsecure environment.
The Ministry of Consumer Affairs and the Commerce Commission have renewed calls for consumers to take precautions against phishing as part of a four week campaign by the Australasian Consumer Fraud Taskforce to help people protect themselves from scams. If you have received an email of this type, contact your bank to report it or check for news information on the bank's real website.
Consumers are the frontline defence against a phishing scams - the best protection against scammers is to hit the delete key or hang up!
Tips to help consumers protect themselves from phishing
1. First, stay calm. Resist your first impulse to hit the 'reply' button. Never follow the instructions in the email.
2. Suspect a scam. If you're asked for your account details or passwords by email, be suspicious.
3. Keep your computer secure. Some frauds can lure you into opening an email or an attachment that secretly installs a 'trojan' or virus, allowing scammers to monitor your computer and access your accounts. Install and keep up-to-date protection on your computer, and remember your best weapon is the 'delete' button.
4. Only go to the official website for your financial institution. Using your 'favourites' or by typing the website address (URL) in the address bar of your browser is the best way to enter websites. Never click on a link to your bank's website from an email.
5. Avoid using computers at public places, such as internet cafes and libraries, for any online banking. Public computers can harbour spyware, leaving your account open to scammers.
6. Take a few privacy precautions. Keep private information out of chat rooms and guard your email address and phone number.
7. Never click on a link. This could result in a nasty, unwanted download such as a 'trojan' or virus.
8. Act quickly if you think you've been conned. If you get a suspicious email, contact your financial institution or your legitimate service provider directly. Do not respond to any contact details in the email. If you're still uncertain or if you have sent any details through an email or website you're a bit worried about, email or phone your financial institution or the legitimate service provider through their customer support department, and ask them to confirm the email's authenticity. They will tell you what to do next.
Jacqui Martin, Senior Communications Adviser,
Phone work (04) 924 3709, mobile 027 524 3709
Julie Allan, Senior Communications Adviser, Ministry of Consumer Affairs
Phone work (04) 470 2302, mobile 021 513 833
This media release can be viewed on the
Commerce Commission and Ministry of Consumer Affairs web
Consumers should always check
As part of a trans-Tasman approach to combat consumer fraud and scams targeted at consumers, the Australasian Consumer Fraud Taskforce was established in March 2005 and comprises 18 government regulatory agencies and departments in Australia and New Zealand.
Agencies participating in the Taskforce are:
Government: Commerce Commission; Ministry of Consumer
Australian Government: Attorney General's Department; Australian Bureau of Statistics; Australian Communications and Media Authority; Australian Competition & Consumer Commission; Australian Federal Police (represented by the Australian High Tech Crime Centre; Australian Institute of Criminology; Australian Securities & Investment Commission; Department of Communications, Information Technology & the Arts
State and Territory Governments: Australian Capital Territory - Office of Fair Trading; Consumer Affairs Victoria; New South Wales - Office of Fair Trading; Northern Territory - Department of Justice; Queensland - Department of Tourism, Fair Trading and Wine Industry Development; South Australia - Office of Consumer & Business Affairs; Tasmania - Office of Consumer Affairs & Fair Trading; Western Australia - Department of Consumer & Employment Protection.