Thursday 16 July 2015
Working in Ottawa today --Don't surf dumb
Good morning folks, I will be working in Ottawa today.
Woke up this AM and read about the Calgary couple the lost $20k out of their bank account to fraudsters that used an email transfer to a bogus account.
They can't understand how this happened and they find it notable that the bank "wasn't surprised" the woman half of the couple said "I thought they would be more shocked".
No, the bank was not surprised as this is a fairly typical theft.
I works like this. Either Binky or his wife received an email (known as phishing email) from persons unknown purporting to be their bank. The email would be either very well crafted and would include branding and the look and feel of communications from his bank, or it would be a horrible attempt at branding with mixed fonts and spelling errors. Both are tailored for different types of vics.
Within the email there would be some reason why the vic needs to login into their online banking. Need to verify the last few transactions, need to reset the password because of 'suspicious activity', what ever. But for the vic's convenience a link to the bank's online portal is right there in the email, just click...
The link of course leads to a fake bank site that is there steal the vic's login credentials.
Um.. Uncle Daniel, the reason for well crafted emails and ones that suck?
Oh yes, the well crafted ones are meant to fool the more savvy yet distracted user, and the poorly crafted ones to fool the less intelligent, gullible folks. It is actually quite clever. If you as the fraudster fools someone with the poorly crafted one, then you know that you have a good chance at bilking them into the distant future. You could follow up a theft with a fake email from a gov't agency that promises that for a $100 registration fee, the monies can be recovered and additional compensation provided. Depending on the gullibility of the vic, the bilking can continue for months, eventually draining all funds, assets, from the vic. Fool someone with the well crafted one, and the perp probably wants to make one hit, and recede into the shadows.
So what can one do to protect themself?
DON'T CLICK ON LINKS IN EMAILS.
Seriously. Even if you believe the email is from your bank and you have a burning desire to log into your account. Just open your browser and log in as you normally would. Same for PayPal, eBay, CRA, FaceBook, whatev.
I have also seen phishing attempts where phone numbers were listed to call gov't agencies demanding payment for tax arrears or fines. Of course these numbers route to a call centre of fraudsters who are more than happy to take your credit card or banking information.
If you need to contact CRA, go to their website on your own and get the number.
Have a great day, surf smart.