The NatWest/RBS/Ulster Bank problems that hit customers on Cyber Monday provide the perfect opportunity for cyber criminals to launch phishing emails on bank users.
Phishing is a kind of malicious attack where cybercriminals create a fake website — meant to look like a popular online resource, e.g. online banking services, and use various social engineering methods to attempt to lure users to the website. The aim is to persuade users to enter personal details to gain access to their cash.
It’s possible that you will get emails soon purporting to come from your bank, saying that you are due compensation and you should ‘click on this link’ to access the information. Don’t do it!
Recent research from Kaspersky Lab found that 47% of us have received bogus emails allegedly coming from a bank. Although many will recognise phishing attempts, these attacks do often end in success, with about 4% of respondents reporting that they had lost money to cybercriminals. Remember, even a small success rate translates into big money for cybercriminals.
There are tell-tale signs you can look out for to separate a phishing email from a genuine message from your bank.
A phishing email may contain any of these:
- An impersonal greeting or signature
- A mismatched ‘from’ field or entire subject e.g. the sender’s address maintains one domain, but the link in the letter body leads to another
- Typos e.g.“Clickhere” written as a single word and language that doesn’t seem to come from a native speaker
- The message does not address you by your actual name or includes lots of employees from different groups that aren’t working directly together
- The message body or subject contains a strange or shortened URL(s)
- Attachments or links that the receiver is asked, demanded, or shocked into opening or downloading
- Alarming language e.g. threats to close the account if the user does not follow the link or doesn’t provide necessary information within a certain period of time
- Asks for personal information including full name, address, date of birth or bank details.