How to help yourself
Think before you act: These messages often try to scare you into supplying details, or offer unrealistic rewards. Remember, there's no such thing as ‘free money’!
Check it out: If you do receive a request to ‘verify’ personal information, contact the company it claims to be from directly to check it's genuine. Make sure that you type the web address into the address bar rather than using any hyperlinks in the suspect message.
Be alert: These days phishing sites can look very convincing. They're often built by proper web developers who will put a lot of effort into making them look genuine. Pay attention to the following:
- The genuine article? It may look like the real thing but does it have spelling mistakes either in the text of the email that sends you there, or in the landing page itself?
- Is it really a ‘secure site’? If you visit a secure page you will see the URL change from http:// to https:// and the Secure Sockets icon (the small padlock) appear in the address bar. Some phishing sites will include this on the page but often get the position wrong: it should be at the top, in the browser, not on the page itself.
- Is that URL right? Slight changes to the web URL can indicate a phishing site, especially when it looks perfectly sound, e.g. www.barclaysbank.co.uk could be changed to www.barclays-bank.co.uk.
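The URL check above can be automated. The following is an added example, not part of the original advice: it compares a link's hostname with a short list of sites you really use and flags names that are nearly, but not exactly, the same. It goes slightly beyond the hyphen case by catching other small spelling changes too. The allow-list, the 0.85 threshold, the function names, and treating a name with and without "www." as the same site are all assumptions.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed allow-list: the hostnames you actually bank or shop with.
TRUSTED_HOSTS = {"www.barclaysbank.co.uk"}
SIMILARITY_THRESHOLD = 0.85  # assumed cut-off; tune against your own allow-list


def hostname_of(url):
    """Return the lower-cased hostname; accepts bare names such as 'www.example.com'."""
    if "//" not in url:
        url = "//" + url  # urlsplit only parses a host after '//'
    return (urlsplit(url).hostname or "").rstrip(".")


def _bare(host):
    """Drop a leading 'www.' so 'www.x' and 'x' compare as the same site (assumption)."""
    return host[4:] if host.startswith("www.") else host


def check_url(url):
    """Classify a link as ('trusted' | 'lookalike' | 'unknown', closest trusted host)."""
    host = hostname_of(url)
    for trusted in TRUSTED_HOSTS:
        if _bare(host) == _bare(trusted):
            return "trusted", trusted
    best_host, best_score = None, 0.0
    for trusted in TRUSTED_HOSTS:
        score = SequenceMatcher(None, _bare(host), _bare(trusted)).ratio()
        if score > best_score:
            best_host, best_score = trusted, score
    if best_score >= SIMILARITY_THRESHOLD:
        return "lookalike", best_host  # close to a trusted name but not identical
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample links, including the pair used in the text above.
    for link in ("https://www.barclaysbank.co.uk/login",
                 "http://www.barclays-bank.co.uk/verify",
                 "www.example.org"):
        print(link, "->", check_url(link))
```

A "lookalike" result means the link should be treated as suspect; "unknown" only means the name is not close to anything on your list, not that the site is safe.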
Report it: If you are sure the message is a fake, report it to your Internet Service Provider (ISP), your bank or online retailer (as appropriate). If the suspicious mail relates to a banking site you can report it to Bank Safe Online (www.banksafeonline.org.uk/report_scam) so they can let the rest of the banking community know.
Take the test! The security company VeriSign devised a quick quiz and, whilst its primary aim is to sell software to retailers, it is a useful way to see how convincing these fake sites can be. Take a look at https://www.phish-no-phish.com/default.aspx (needs Flash).