what is phishing?
Phishing is when criminals send convincing looking, but fraudulent emails to lure you into entering your details at a fake but genuine looking website. Fraudsters use your details to access your accounts and money or to steal your identity. Criminals can also use hyperlinks or attached files within phishing emails as a way to infect your computer or device with malicious software (malware).
Here's how to spot a phishing scam:
When you receive an email you should check it for signs that it may not be from the company it appears to be from.
Check the email address - Is it the same as the email address you usually receive emails from, or just similar.
Check the email subject line - anything along the lines of "There is a secure message waiting for you", "Security Alert", "System Upgrade" and so on should be treated as suspect.
Check the message title - if it reads 'Dear Customer' or 'Dear Valued Customer' or if isn't personalised at all, then you should be suspicious. Phishing emails will not usually include your name.
Look for an emotive prompt to click on a hyperlink or a button or to download a file, such as 'Verify your account or password' or 'update your security details'. This will likely take you to a copycat website where you will be prompted to enter your full details.
Be suspicious of any message that creates a sense of urgency, such as 'If you don't respond within 48 hours, your account will be suspended'. A legitimate company will not create a false sense of urgency.
Check the wording for casual or informal words
Check the grammar and spelling for mistakes or inconsistencies.
Top Tip! You can hover your mouse pointer over hyperlinks (or buttons) to see the underlying website URL.
Avoiding the phishers
- MINT will never ask you for your full PIN or password.
- Never respond to any unexpected or suspicious emails.
- Don't click on any links or attachments within unexpected or suspicious emails.
Text message (SMS) phishing
ow to protect against a common scam
As mobile phones become capable of helping you manage your money online, you need to take even more care against the fraudsters.
What is SMS phishing?
Some people receive text messages pretending to be from MINT. They may state that sensitive information about you has been posted on the internet and encourage you to visit a web site. These messages are fraudulent - visiting the link in the text could result in an attempt to infect your computer or handheld device with a virus.
Other messages state there is a problem with your account and encourages you to phone a number. These are also fraudulent, trying to trick you into giving away your personal and security information.
Example text messages:
"Your account is closed due to unusual activity. Call us at [number removed]"
"Someone has posted your full Personal & Banking information @ http://[website address removed] You must remove it now."
"Hi, I post your full Personal and Banking information at [website address removed] You can remove it, I am sorry"
What can I do?
- Always DELETE text messages like these.
- Do NOT phone the number, fraudsters will attempt to trick you into disclosing your personal information.
- Do NOT click on the link or type it into your browser, as you may be at risk of being infected with malicious software.
- If you have followed the link, we recommend that you carry out a full check of your computer or handheld device as soon as possible to find out if any spyware, computer virus or other malicious software has been installed.
- The most effective protection is to keep your phones security up to date.
- We will never ask you for your PIN or password by text or email.
- Whilst MINT now offers a Text Messaging service to give alerts or updates about your account and services available, we will never ask for your full security details or direct you to a page which requires you to enter any logon details or use a card reader device.
- Smart phones will automatically convert some text into web page addresses - do not click on any link unless you are absolutely certain it has come from a valid source.
- If we send you a text, we won't include specific details but may refer you to our contact our Customer Services (without providing a number)
Telephone Approaches (Voice phishing)
>What is Voice phishing?
Some people are receiving unsolicited phone calls pretending to be from the a bank or even the police. Often they will encourage you to part with security
information as part of an ongoing investigation into potential fraud, or claiming that they need to verify security information following a recent transaction. This can include requesting you to hand over cards or PIN details to third party couriers.
Sometimes you might get a "warm-up call" where no information is discussed, but your guard is lowered when you get a subsequent call, which refers back to the initial seemingly innocent call you received.
Call 1 - "This is the Bank/Police. We believe that your card has been compromised and we therefore need to collect your card to assist with our investigation. To verify yourself/assist the case, please enter your card PIN into the telephone handset. We will arrange a courier to collect your card shortly. For security, please place your card(s) (and PINs) into an envelope, along with the case reference number that we have provided, ready for courier collection."
Call 2 - "You recently made a payment and we would like to verify that it is genuine. Before we can do this I just need you to provide your online banking log in and characters 134 of your PIN and 268 of your Password" - the transaction is confirmed as fraudulent with the customer at which point the customer is given instructions to provide a card reader code to obtain a refund"
What can I do?
Here are some tips on how to avoid becoming a victim of Voice Phishing:
- NEVER disclose your PIN or Online/Telephone banking log-in credentials to anyone, even if the caller claims to be from the Bank or Police. Remember, we will NEVER call and ask you to disclose these security details. NEVER call and ask you to disclose these security details.
- If you receive a call requesting your PIN, card details or Online/Telephone banking log-in credentials, end the call immediately.
- If you receive a suspicious or unexpected call, always verify the caller using an independently checked telephone number, for example by contacting your branch or using the contact numbers on our website.
- Be aware that fraudsters often use techniques to hold your phone line open, so that when you try to dial out to verify the caller, they intercept and re-answer the call, claiming to be the Bank or Law Enforcement. To ensure that your phone has not been compromised, we recommend using a different/ phone line to verify the caller (where possible). Where a second phone line is not available, try calling a family or friend on the line first, as the fraudster will find it difficult to impersonate a voice that is known to you.
Report suspicious emails - Help us to beat the fraudsters
However, if you have responded to the e-mail, and/or you suspect that any of your accounts with us have been accessed online by someone other than yourself, please contact us immediately on 0845 300 4350. When calling from abroad please dial (0044) 1268 508020.