North Wales Community Safety Partnerships

 

Buying Online

Personal Information
statment

BBC Crime card fraud advice
What to do if your credit card is used fraudulently.

BBC Webwise
The law in relation to computer security and data protection.

APACS Card Watch
The cardholder section explains what steps victims of fraud can take.

 

  

You and your Family

 

Your Home

 

Your Vehicle

 

Going Away

 

Buying Online
online

Watch out for Phishing scams!

What steps to take to avoid becoming a Phishing victim.

In recent years, there has been a huge growth in e-commerce across the world, but reports of problems have put people off. Is this the only side to the story?

Despite these many concerns, some now argue that it is actually safer to buy online than buying over the phone or handing your credit card over to someone in a shop. This is because if the online payment is handled properly your banking details will be 'encrypted', which means they cannot be viewed by anyone other than those handling the transaction - usually the banks.

If you're still unsure, Card Watch, the UK banking group that works with the police and retailers to stop credit card fraud, offer the following 'top ten tips' when buying online:

  1. Make sure your web-browser (that's the software that you use to view websites, most commonly Internet Explorer or Netscape) is set to the highest level of security notification and monitoring. These options are not always automatically activated when your computer is set-up, so check your manual or the 'Help' option.
  2. Check you are using a recent version of your web-browser as they often include better security features - up-to-date versions can be downloaded free from the Microsoft or Netscape websites. If you have a different browser or use on-line services such as AOL or CompuServe, contact your ISP (Internet Service Provider) or software supplier to find out how to activate their security features.
  3. Before purchasing from a website, make a record of the retailer's contact details, including a street address and landline phone number. If these details are not available on the website, consider going elsewhere to buy, do not rely on the e-mail address alone.
  4. Do not enter personal details unless the security icon is displayed (this is a small padlock that normally appears at the bottom of your browser when you begin your transaction over the Internet). You can click on the padlock to see if the retailer has an encryption certificate. This should explain the type and extent of security and encryption it uses. Only use companies that have an encryption certificate and use secure transaction technology. The address of the page where you enter personal details should also start https://.

    Secure
  5. If you have any queries or concerns, telephone the company before giving them your card details to reassure yourself that it is legitimate.
  6. Print out your order and consider keeping copies of the retailer's terms and conditions and returns policy. Be aware that there may well be additional charges such as postage and VAT. When buying from overseas always err on the side of caution and remember that it may be difficult to seek redress if problems arise.
  7. Check statements from your bank or card issuer carefully as soon as you receive them. Raise any discrepancies with the retailer concerned in the first instance. If you find any transaction on your statement that you are certain you did not make, contact your card issuer immediately.
  8. Ensure that you are fully aware of any payment commitments you are entering into, including whether you are instructing a single payment or a series of payments.
  9. Never disclose your card's PIN number to anyone, including people claiming to be from your bank or the police, and never write it down or send it over the Internet.
  10. If you have any doubts about using your card, find another method of payment

Watch out for Phishing scams!

What is Phishing? –

Phishing is a term used to describe the action of assuming the identity of a legitimate organisation, or web site, using email or web pages and with a view to convince consumers to share their user names, passwords and personal financial information for the purpose of using it to commit fraud. Phishing is a hacker's term, hence the reason it is spelt with a "ph" instead of the expected "f" (the "f" was replaced in hackers' terminology for their telephone hacking activities in the 1970's - "Phone Phreaking"). As such, it could be creatively described as "fishing for consumers' identity and financial information", but as the term is relatively new to the english language terms like "scam" and "hoax" will remain closer to the tip of the consumer's tongue.

These email hoax or phishing scams (and the fake web pages that they sometimes refer you to) are nothing new; but they are on rapid increase and with ever changing content, presentation and approaches, a great many of us are likely to fall victim.

What steps to take to avoid becoming a Phishing victim.

Be suspicious of any email with urgent requests for personal financial information

  • unless the email is digitally signed, you can't be sure it wasn't forged or 'spoofed'
  • phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
  • they typically ask for information such as usernames, passwords, credit card numbers, social security numbers, etc.
  • phisher emails are typically NOT personalized, while valid messages from your bank or e-commerce company generally are

Don't use the links in an email to get to any web page, if you suspect the message might not be authentic

  • instead, call the company on the telephone, or log onto the website directly by typing in the Web adress in your browser

Avoid filling out forms in email messages that ask for personal financial information

  • you should only communicate information such as credit card numbers or account information via a secure website or the telephone

Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser

  • to make sure you're on a secure Web server, check the beginning of the Web address in your browsers address bar - it should be "https://" rather than just "http://"

Consider installing a Web browser tool bar to help protect you from known phishing fraud websites

  • EarthLink ScamBlocker is part of a free browser toolbar that alerts you before you visit a page that's on Earthlink's list of known fraudulent phisher Web sites.
    o Its free to all Internet users - download at www.earthlink.net/earthlinktoolbar

Regularly log into your online accounts

  • don't leave it for as long as a month before you check each account

Regularly check your bank, credit and debit card satements to ensure that all transactions are legitimate.

  • if anything is suspicious, contact your bank and all card issuers

Ensure that your browser is up to date and security patches applied

  • in particular, people who use the Microsoft Internet Explorer browser should immediately go to the Microsoft Security home page -- www.microsoft.com/security/ -- to download a special patch relating to certain phishing schemes

Always report "phishing" or “spoofed” e-mails to the following groups:

  • forward the email to reportphishing@antiphishing.com
  • forward the email to the Federal Trade Commission at spam@uce.gov
  • forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com")
  • when forwarding spoofed messages, always include the entire original email with its original header information intact

Personal Information

Top
 
 

 

Dyna Ddigon About Us | Copyright | ©2008 North Wales Community Safety Partnerships