What is phishing?[i]

 

Phishing is a type of deception designed to steal your identity by 'fishing' for your personal details. In a phishing scam, a malicious person tries to obtain account or credit card numbers, passwords, or other personal information from you by convincing you to hand it over under false pretenses (e.g. by claiming to be from BBK). Phishing schemes usually arrive via spam e-mail or pop-up windows.

 

How does phishing work?


A phishing scam begins with a fraudster who sends out millions of fraudulent and deceptive e-mail messages that appear to come from popular Web sites or from sites that you trust, like your bank or credit card company. The e-mail messages, and the Web sites they often send you to, look official enough that they deceive many people into believing that they're legitimate. Believing that these e-mails are legitimate, unsuspecting people often respond to the e-mail's requests for their credit card numbers, passwords, account information, or other personal information.

A scam artist might put a link in a fake e-mail that appears to go to the legitimate Web site, but actually takes you to a scam site or even a pop-up window that looks exactly like the official site. These copies are often called spoofed Web sites. Once you're at one of these spoofed sites or pop-up windows you might unsuspectingly enter even more personal information that will be transmitted directly to the person who created the spoofed site. That person can then use this information to purchase goods, steal your funds, apply for a new credit card, or steal your identity.

 

5 ways to help protect yourself from phishing

Just as they do in the physical world, scam artists will continue to develop new and more threatening ways to trick you online. But following these five steps can help you protect your personal information.

 

Step 1: Never respond to requests for personal information via e-mail or in a pop-up window

Most legitimate businesses and financial institutions will never ask for passwords, credit card numbers, or other personal information in an e-mail. If you do receive an e-mail requesting this kind of information (e.g. one claiming to be from BBK), don't respond. If you think the e-mail is legitimate, contact BBK by phone or through the Web site to confirm. See Step 2 for the best ways to get to a Web site if you think you've been targeted by a phishing scam. Below is an example of how it works:

• You will receive an e-mail appearing to be from BBK or another legitimate company in or outside of Bahrain.
• The e-mail may claim a number of different things, such as:
    o There is a problem with your account
    o Asking you to enter a contest to win a prize
    o Asking you to subscribe to a service that will provide you with prizes, etc.
• You are then asked to provide your personal and financial information by completing an online form.
• The form requests a variety of information, such as:
    o Your credit card numbers
    o Your account number
    o Your passport number or CPR, and so forth
• Once you provide this information, the fraudsters will have what they need to commit fraud.

 

Step 2: Visit Web sites by typing the URL into your address bar


If you suspect that an e-mail from your bank, credit card company, online payment service, or other Web site you do business with is not legitimate, don't follow the links in the e-mail message to the Web site. Those links may take you to a spoofed site that might send all the information you enter to the scam artist who created the site.


Even if the address bar displays the correct address, don't risk being fooled. There are several ways for hackers to display a fake URL in the address bar on your browser. Newer versions of Internet Explorer make it more difficult to spoof the address bar, so it is worth keeping your browser up to date. If you don't think you'll remember to update, or if you prefer to have the updates downloaded automatically, you may be able to configure your computer for Automatic Updates.

Step 3: Check to make sure the Web site is using encryption


If you can't trust a Web site by the address bar, how do you know it's likely to be secure? First, before you enter any personal information, check to see if the Web site uses encryption to transmit your personal information. In Internet Explorer you can do this by checking the yellow lock icon on the status bar as shown in the following illustration.

[Illustration: secure site lock icon. If the lock is closed, then the site uses encryption.]


This symbol signifies that the Web site uses encryption to help protect any sensitive personal information (customer ID, credit card number, payment details) that you enter.

Double-click the lock icon to display the security certificate for the site. The name following "Issued to" should match the site you think you're on. If the name differs, you may be on a spoofed site. If you're not sure whether a certificate is legitimate, don't enter any personal information. Play it safe and leave the Web site. To find out more ways to determine if a site is safe, read "How Internet Explorer Keeps Your Data Safe".
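The "Issued to" comparison in this step can be written out as code. This Python sketch is an added example, not part of the original advisory; it assumes a certificate given as a dictionary in the shape returned by Python's ssl getpeercert(), and the example-bank.test names are constructed.

```python
def cert_names(cert):
    """DNS names the certificate was issued to: SAN entries, else subject CN."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            names += [value for key, value in rdn if key == "commonName"]
    return [name.lower() for name in names]

def name_matches(pattern, host):
    """Compare one certificate name with the host, label by label."""
    p_labels = pattern.split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Wildcard only as the whole left-most label, never for a bare TLD.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def issued_to_matches(cert, host):
    """True when the site you think you are on is named in the certificate."""
    return any(name_matches(name, host) for name in cert_names(cert))

# Constructed certificate fields (not taken from a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example-bank.test"),),),
    "subjectAltName": (
        ("DNS", "www.example-bank.test"),
        ("DNS", "*.example-bank.test"),
    ),
}
```

A host that only starts with the expected name, such as example-bank.test.login.example.net, does not match, which is the case the step warns about.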

 

Step 4: Routinely review your bank account and credit card statements


Even if you follow the three steps above, you may still become a victim of identity theft. If you review your bank statement and credit card statements at least monthly, you may be able to catch a scam artist and stop them before they cause significant damage.

 

Step 5: Report suspected abuses of your personal information to the proper authorities

If you feel your personal information has been compromised or stolen, please call the Contact Center on 17207777 or e-mail ebank@bbkonline.com.

[i] Phishing scams: 5 ways to help protect your identity, www.microsoft.com.