Online fraud: phishing
Picture the situation. You get an email, and it looks genuine enough. The sender's address seems to be legitimate, and appears to be from your bank, say, or your Internet service provider (ISP). Perhaps it says you need to "update" or "validate" your personal information, such as your user name, password, credit card number or bank account number.
This high-tech scam is known as "phishing", and it has already been used against many large well-known Irish organisations and their customers. The fake emails sometimes threaten some dire consequence if you don't respond.
Spoof sites
Often they tell you to visit a website to update your details. The site looks just like the real organisation's site, with authentic logos and a very genuine-looking web address. But it's a "spoof site" - a false or shadow copy of the real website.
"Spoofing" is designed to trick you into giving away your personal information. This is also known as "identity theft". The operators will sell your information to criminals, who will use it to ruin your credit and drain your account and possibly even commit crimes in your name.
Sometimes the scam is even more sophisticated. You're directed to the genuine website, then the fraudsters pop up a new window to capture your personal details. The information you enter doesn't go to the legitimate site but to the fraudster's account.
What to do
Always be very suspicious of any email with urgent requests for personal financial information. Don't hit the "Reply" button on the email and don't click on the link to the website. Ask yourself some common sense questions such as:
- Why would a genuine bank or ISP ask you for your personal details in this way?
- Why is a website asking for your personal information when it doesn't have basic security features?
A secure website will have an address beginning "https:" rather than "http:", and when you visit it a "lock" symbol should show up in the bottom right-hand corner of your web browser. If you double-click on this "lock" icon a security certificate should appear. If the name following "Issued" isn't the name of the site, the site may well be a fake.
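The two checks described above can also be expressed in code. The following is an added example, not part of the original guide: it tests that an address begins with "https:" and that the certificate was issued to the host named in that address. The host names and the sample certificate are constructed for illustration, and the certificate is laid out in the dictionary form that Python's ssl getpeercert() returns.

```python
from urllib.parse import urlsplit


def cert_names(cert):
    """Return the DNS names a certificate was issued to (SAN first, else CN)."""
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            names += [v.lower() for k, v in rdn if k == "commonName"]
    return names


def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host


def check_site(url, cert):
    """Apply both checks: https address, and certificate issued to this host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        return "not secure: address does not begin with https:"
    if not any(name_matches(n, host) for n in cert_names(cert)):
        return "suspicious: certificate was not issued to " + host
    return "ok"


# Constructed sample certificate (hypothetical bank host names).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.mybank.example"),),),
    "subjectAltName": (
        ("DNS", "www.mybank.example"),
        ("DNS", "*.mybank.example"),
    ),
}

if __name__ == "__main__":
    for url in (
        "https://www.mybank.example/login",
        "http://www.mybank.example/login",
        "https://www.mybank.example.update-details.example/login",
    ):
        print(url, "->", check_site(url, SAMPLE_CERT))
```

A result of "ok" only means the certificate matches the address you typed or clicked. You still need to confirm that the address itself belongs to the real organisation.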
If in any doubt about a suspicious email message:
- Use the phone rather than email to contact the relevant organisation (your bank, ISP, etc.) at their official number in the phone book, and ask what's going on
- If this is a case of phishing, alert the Gardai too
- Forward the message to the abuse address of the Internet service provider it was sent from (for example, if the email comes from a Hotmail account, you should contact abuse@hotmail.com)
- Use up-to-date anti-virus and anti-spyware software to keep unwanted or malicious software at bay
- Go to the real site and change your password
Don't let Internet thieves hook your personal information. Beware the pirates who go "phishing" on the Internet. They want to trap your personal financial information - hook, line, and sinker.