Keep yourself safe from phishing scams

Friday, March 25, 2011 Written by Geoff Wigglesworth

"Phishing" scams are where you get an email from your Bank or some other trusted company asking you to do something. They look like the real thing, with logos, colours and address details. They usually (no, ALWAYS) have clickable links which lead to a website where you are asked to "top up your account" or to put in your username and password details. That site might look like your Bank's site, or it may not.

Here's one I got recently:

As you can see, the email seems to come from a company called TradeMe (where I have an account) and asks me to top up my account.

You should always be very suspicious of ANY email that asks you to disclose your passwords or to "top up your account". Most trustworthy companies will not ask you to do this by email. So don't ever do what they are asking without checking it out first.

Here's a couple of pointers that should help you to decide if the email is genuine or not:

Firstly, who is the email addressed to? Is it to the normal email address you use with this company? Or is it addressed to several email addresses, or to "undisclosed recipients"? If a bank ever sent you an email such as this, they would use your normal email address.

Secondly, hover your mouse pointer over any of the links - a "tooltip" should show you where the link goes to (see the image below).

As you can see, the website I would have been sent to, had I clicked the link, doesn't seem very much like Trade Me's website. In fact, by using an online "IP lookup" tool, I can check those strange numbers (that's called an IP Address) and find out where the website is based. If you want to do this yourself, the one I used (for free) is at IP-Lookup.

Bolivia! There's not much detail, but I doubt TradeMe has an account on a Bolivian website.

Another thing that should make you suspicious is bad grammar. Most companies pride themselves on the high standards of their communications and would not let ungrammatical emails be sent out.

So don't fall for this stuff - treat all emails from unknown senders with suspicion. Be careful out there.