Danger #3: Fraud and "Phishing"

It is unfortunate, but unscrupulous companies and individuals have been able to take advantage of the trusting nature of some internet users over and over again. In this section we'll cover some of the DOs and DON'Ts of using the Internet in order to help you protect yourself from those who would like to take advantage of you.

To start with, here are two general rules you should keep in mind at all times:

Firstly, never, EVER, send out your credit card details by email. Do not send out passwords in response to unsolicited requests by email either, even if the request APPEARS to come from a reputable source. Any reputable company will provide some way of contacting the person who has made the request by telephone, and a telephone number you’ll already know, or can be found in a phone book or official web site, not one that a fraudster might have set up just for the purpose (see "phishing" later on for more details).

And secondly, when shopping online: never, EVER, type your credit card details, personal information, passwords, or anything else for that matter, in a web site that isn’t trustworthy. What does trustworthy mean in this context? This is a difficult question to answer. But if it’s a big name company you’ve heard of, then you are probably safe. If it’s a less well known site that you’ve just discovered, browse through the site and see what it has to offer. Are phone numbers and a postal address for the company listed (never deal with a company that doesn't publish phone numbers of contact addresses)? Is it affiliated with a well-known company? Is it mentioned (favourably) by other Web sites? Once you’ve satisfied yourself that the site is trustworthy, make sure your Web browser is connected in “secure mode” to the site before entering your credit card details. Secure mode is usually indicated by a small symbol that looks like a closed padlock appearing at the bottom of your browser window, but there are exceptions to this rule.

Next we'll talk a little bit about "phishing"....

"Phishing":
From time to time you may receive an email that appears to come from your bank, building society, ISP, ebay, domain name registrar or other well known company, asking you to update your personal details or respond to a possible fraudulent transaction on your account or something along these lines. To do so you are usually asked to click on a link within the email which will take you to a website that looks as though it is an official website belonging to the company involved. You will then usually be asked to enter details such as your username and password to login, and possibly provide other details such as your date of birth and credit card information. DO NOT DO SO.

Why? Because your bank, building society etc will almost certainly have NOT sent this email. Instead it will have been sent by fraudsters to millions of email addresses in the hope that the recipient will be a customer of the company the email is supposedly from. And the website that the email asks you to visit will have been set up by the fraudsters, not your bank etc. Often it will simply be a copy or very official-looking variation of the real bank (etc) website, but it will not be the real website. And the moment you enter your username and password and any other confidential information into this fake site, the fraudsters will have access to your real account and can wreak havoc. This is known as "phishing", a high tech version of plain old fishing, where "bait" is thrown out over a wide area in the hope that a few will get "hooked", even if the majority ignore it.

Phishers usually use more sophisticated techniques to hide their trickery, but a very simple example of how you can be fooled into visiting a website that isn't genuine is as follows: If you click on the following link you will NOT go to the the name of the Bank website. Instead you will be redirected to the Cymru 1 website: www.some-bank-name-or-other.co.uk Imagine that if, instead of the Cymru 1 website, the redirect was to a website that looked like the Barclays one and even had an address that appears to be similar to the Barclays one, and asked you to login with your online banking username and password ,you might well be fooled into doing so, thus giving the phishers all they want: your online banking username and password.

Please note that the simple example above may trigger certain Internet Security utilities into flagging this page as containing a possible fraud attempt - just as they should if they are working correctly.

Cymru 1 has recently received some extremely official-looking and very convincing "phishing" emails supposedly from PayPal asking us to update our details with them following an account review. These emails were extremely well designed and of a very professional nature. Please therefore be very careful and treat any email of this nature with extreme caution.

IMPORTANT NOTE: Some legitimate companies do need to send you notifications by email from time to time. For example WorldPay, a very well known online credit card processing company, may send you notification that the credit card you have used to make regular payments for a service (such as Internet access) has expired and that you need to update your details. Similarly, your domain name registrar may send you notification that your domain name is due for renewal and will ask you to login to your account to pay for re-registration. Do not, therefore, assume that all emails asking you to update your information are sent from fraudsters. If in doubt, just don't click on the link shown in the email (if it has been sent by fraudsters, the address actually visible in the email may not be the address that clicking on the address will take you to anyway). Instead, simply visit the appropriate website directly. If you don't know the appropriate address off-hand, use a search engine like Google to search for it.

WEB SITE AND DOMAIN NAME OWNERS - PLEASE READ:
In addition to everything mentioned above, owners of domain names and those running websites should note the following:

1) A number of less than reputable companies monitor various sources and gather information on when domain names are going to expire. They then send out emails and sometimes even letters to the owners of the domain names, telling the owner they must renew the domain name in order to continue to use it and to therefore fill out a form and and enter credit card details or send a cheque. What is not made clear by these emails or letters is that the company sending them is NOT the company you registered the domain name with in the first place, and that by filling out the form you will be transferring the domain name away from the original company into the clutches of the one sending the email or letter. And we use the word "clutches" advisedly - such companies are almost always trying to rip you off. Their registration prices are usually two to ten times as much as you'd have paid if you had continued with your original registration company. In addition, you may be forced to pay "transfer out" fees if you realise your mistake at a later date and want to try to get your domain name transferred back to a reputable company. So if you receive a notification that your domain name needs to be renewed, before doing anything about it please make absolutely sure that the email or letter has been sent by the company that you originally used to register the domain name. If in doubt, contact your original registrar and ask them if they have sent you anything, and how you should go about renewing your domain name correctly.

NOTE: Often the "less than reputable" companies we are talking about here will use company names that sound similar to, but not quite identical to, well known companies. Please be careful.

2) Another collection of "less than reputable" companies monitor domain name registrations and send out emails to their owners suggesting that you "update your information in our [free] directory". Alternatively such companies may monitor reputable directories and search engines and email you as soon as they notice you've submitted a new site. As a rule of thumb is is best not to respond to such unsolicited messages as they are likely to be spam and should be ignored it.

In fact some such companies may send you emails demanding payments which you apparently owe them for listing your domain name in their directory. Often they will say that if you don't pay now, you will be charged more due to "late payment fees" or similar. More often than not, this type of email will arrive as a result of you submitting your web site address to search engines. And more often than not you may start wondering if you do actually owe these people money ("What if I didn't see that I had to pay for X, Y and Z when I submitted my site?"). But 99 times out of 100 this is just plain fraud - these people are just trying to pull a fast one. Think about it ... what sort of Internet company will allow you to sign up for something without paying for it first? And if in doubt, contact your solicitor.

IN ALL CASES:
THINK BEFORE YOU ACT. THINK BEFORE YOU PAY. SEARCH GOOGLE FOR REFERENCES TO ANY COMPANY THAT CLAIMS YOU OWE THEM MONEY OR OFFERS YOU A SERVICE OR WANTS YOU TO RENEW SOMETHING. THINK THINK THINK! SEARCH SEACH SEARCH.

On the next page we will talk about the less savory side of the Internet, and how to avoid being caught out by it. Click on the Go on to next page link below to read about this, or click on the View Internet Security Index link to go back to the index page

NOTE: What we describe on these pages is merely our opinion of what the most important things you need to know and do in order to keep your Internet experience as safe as possible. You should therefore not treat it as a definitive text on Internet security, nor as being necessarily 100% accurate, but instead simply as a general guide.

Advertisement: Would you like a UK telephone number (including 0207 Central London numbers) that you can divert to almost any telephone number almost anywhere in the world? Click here to find out more.