- Skip to content [access key 's']
- Skip to navigation [access key 'n']
- Skip to site map [access key '3']
- Accessibility information [access key '0']
Stay informed...
Tell us about...
Frequently asked questions
Please select a question...Phishing Explained
What is phishing?
Phishing is the name given to the practice of sending emails at random purporting to come from a genuine company operating on the Internet, in an attempt to trick customers of that company into disclosing information at a bogus website operated by fraudsters. These emails usually claim that it is necessary to "update" or "verify" your customer account information and they urge people to click on a link from the email which takes them to the bogus website. Any information entered on the bogus website will be captured by the criminals for their own fraudulent purposes.
How can I prevent myself being a victim of phishing?
The key thing is to be suspicious of all unsolicited or unexpected emails you receive, even if they appear to originate from a trusted source. Although your bank may contact you by email, they will never ask you to reconfirm your login or security password information by clicking on a link in an email and visiting a web site. Stop to think about how your bank normally communicates with you and never disclose your password in full or personal information.
Banks will never contact you by email to ask you to enter your password or any other sensitive information by clicking on a link and visiting a web site. The emails are sent out completely at random in the hope of reaching a live email address of a customer with an account at the bank being targeted.
How to spot a phishing email
1 - Who is the email from?
Phishing emails can look like they come from a real bank email address. Unfortunately the way Internet email works makes it a relatively simple matter for phishers to create a fake entry in the "From:" box.
The email address that appears in the "From" field of an email is NOT a guarantee that it came from the person or organisation that it says it did. These emails were not send using the bank's own systems.
2 - Who is the email for?
The emails are sent out at random to bulk email lists and the fraudsters will almost certainly not know your real name or indeed anything else about you, and will address you in vague terms like "Dear Valued Customer".
3 - Take a closer look at the email - does it look "phishy"?
The first thing to remember is that banks will never write to you and ask you for your password or any other sensitive information by email. The message is also likely to contain odd "spe11ings" or cApitALs in the "Subject:" box (this is an attempt to get around spam filter software), as well as grammatical and spelling errors.
Example scam email:
Never log-on to your online banking account by clicking on a link in an email. Open your web browser and type the bank's address in yourself.
If in any doubt about the validity of an email purporting to come from your bank, contact them on an advertised phone number.
4 - Where's that hyperlink going to?
Unfortunately it is all too possible to disguise a link's real destination, so the displayed link and anything which shows up in the status bar of your email programme can easily be falsified.
How to spot a Phishing web site
What's the site address?
If you visit a web site after clicking on a link from an email, there are many ways of disguising the true location of a fake web site in the address bar. The site address may start with the genuine site's domain name, but that is no guarantee that it points to the real site. Other tricks include using numerical addresses, registering a similar address (such as www.mybank-verify.com), or even inserting a false address bar into the browser window. Many of the links from these pages may actually go to the genuine web site, but don't be fooled.
Beware of fraudulent pop-up windows
Instead of displaying a completely fake web site, the fraudsters may load the genuine web site in the main browser window and then place their own fake pop-up window over the top of it. Displayed like this, you can see the address bar of the real web site in the background, although any information you type into the pop-up window will be collected by the fraudsters for their own usage.
To access your online banking account, type the address into a new window yourself. The address of your genuine bank site will start https and will include a small padlock in the bottom of the browser window.
Reporting suspicious emails
If you receive a suspicious email, please inform your bank as directed on their web site and forward the email to our report a scam email address.
Remember:
- Banks will never email you to request that you "confirm" or "update" your password or any personal information by clicking on a link and visiting a web site
- Treat all unsolicited emails with caution and never click on links from such emails and enter any personal information
- To log-on to Internet banking, open your web browser and type the address in yourself
- If in doubt about the validity of an email, or if you think that you may have disclosed information to a fraudulent site, contact your bank immediately on an advertised number.
Brought to you by: 