Credit Cards On The Internet
Is it safe to use my card to purchase over the internet?
Provided that you're satisified that the business that you are dealing with is bonafide and providing that you are using a PC that is secure, i.e. that its got a firewall in place and anti-virus software in place then there are no problems at all with using your card on the internet. It is a fact that actually the vast majority of internet card fraud that takes place is where a fraudster has stolen card details in the real world for use on-line. Therefore, one of the key things that you can do is just making sure you keep your card details safe in the real world so that you can happily shop on-line.
What is phishing?
Phishing attacks in the UK have really been focused on online banking users. It's where an organized gang typically send out large numbers of emails in the hope that they're going to hit the mailbox of a genuine customer of a genuine bank or similar business with a large number of customers. The email will typically invite you, as a customer of that bank or business, to click on a link. It will take you to something that looks, probably very, very similar to the genuine bank or business website and will ask you to disclose personal information. Of course, because it's a dummy website, what you're actually doing is disclosing that personal security information with the foragers who will then try and use that to transfer money out of your online bank account to another UK bank account for then, subsequently, wiring overseas.
Why is it called phishing?
Phishing is just a term that has grown; I don't know where it came from. It's about casting the net out to reach a number of people, in the hope of getting one or two victims.
How long have phishing and Trojan attacks been around?
The first phishing and Trojan attacks we saw in the UK were really quite recent, back on September 23rd. Since then, we've gone from seeing a handful of these attacks aimed at banks and building societies each month to in excess of 1,5 a month recently. Phishing and Trojan attacks really have grown phenomenally but not hand-in-hand with the number of victims as you might expect. The fraudsters only need to get one victim to make this type of fraud worthwhile, and it's actually quite a low-cost crime for them to attempt. Sending out e-mails with phishing and Trojan viruses, after all, is free.
What is being done to stop phishing?
There are lots of things happening at industry level to stop phishing. At a bank level, people will monitor the internet to pinpoint where these attacks happen and get the host site closed down. A lot of work has been done to make customers aware of the phishing scams, which are actually really very simple to avoid. As a customer, you should be suspicious of any unsolicited email that seems to come from a bank or business that you deal with. If it invites you to click on a link and disclose personal information, don't do it: it may well be a phishing scam.
How do the phishers get your e-mail address?
Phishers can get hold of your e-mail address because spam lists are easily obtainable. We're talking about lists that may - although it's very difficult to come up with them - have figures of a couple of hundred thousand each time one of these phishing e-mail attacks goes out. They go out in large numbers. Certainly I see phishing e-mails every day in my inbox and I'm sure most people are the same.
How successful are the criminals who use phishing scams?
We had loses in 2006 of around £33 million due to phishing scam, which is obviously a big sum. However, if you stack it up against the credit card fraud loses we see in the U.K., it's a relatively small issue. One of the reasons for this has to be that phishing is actually quite a difficult fraud for the fraudster to get away with, in that they can only transfer the money into a U.K. account, and then they have to get the recipient of that U.K. account to wire the money overseas. It does have a clear audit travel. Clearly, the figures for phishing are going up, but thankfully, not hand in hand with the large number of people who are happily banking online.
Who do I report a phishing incident to?
You can report phishing it to your bank, or you can report it on our website – the industry website – which is www.banksafeonline.org.uk. That would be very useful because that would make sure that we are capturing any new attacks and getting on the case to get the site closed down.
What do I do if I think I have disclosed my personal security details on a phishing site?
You should speak to your bank straight away to make sure that you can get your details changed and to make sure that any transactions attempting to go through can potentially be stopped.
Who do I contact if I think that I have been targeted by a Trojan?
A Trojan is a virus on your PC. You should obviously stop using your laptop for any banking online transactions or card transactions, get your online banking passwords changed straightaway, and speak to somebody, either your bank or the person that sold you the computer, to take action--to get it sorted out.
What is a money-mule scam?
A money-mule is the host of the stolen funds in the UK on online banking fraud. So they are accepting the money for then, typically, wiring overseas. As such, it's an illegal activity and somebody doing this, even if they say that they weren't aware of the facts, is liable for prosecution.
What should I do if I receive an e-mail which seeks my involvement in a money mule scam?
It would be useful if you get an e-mail or come across a recruitment site for money mule to report it to banksafeonline.org.uk because again the industry is working hard to crack down on any of these adverts and to get to the root of the problem to the forgers.
What should I do if I have become involved in a money mule scam?
If you have become involved in a money-mule scam, I would suggest that you speak to the police and to explain what you've done. Speak to the bank concerned and make sure that you refund any money that you have taken illegally into your account.
Is it safe to use online banking?
Online banking is very safe providing you do a couple of key things which is not to respond to unsolicited emails and to make sure that the PC that you're using to bank online is safe and secure.
If I have had money fraudulently withdrawn from my account will I get a refund?
All UK banks have published on-line guarantees that, providing you haven't breached terms and conditions, you'll get your money back if it is fraudulently withdrawn from your account. As it stands, we are not aware of any customers being held liable for phishing or Trojan scams, where the customer is the weakest ink in the chain. It is possible that if a customer falls victim to a phishing scam more than once, their bank may say, “We gave you good advice not to respond to an email. You haven't listened and therefore we are not paying out.” It is crucial that people take note of the advice issued on phishing and read the terms and conditions of their bank.
What are security updates?
Security updates are the updates that you should be doing on your computer on a regular basis to make sure that the anti-virus software / anti-spam software is kept up to date and giving you the best level of protection
Which security updates should I install?
Most people have Microsoft. Microsoft publishes regular updates, and free updates. But, you can get a lot of very useful information from www.getsafeonline.org. That contains a whole plethora of different security information that takes you through, very simply, what you need to do to keep your computer safe.