Security on the Internet: do you know what phishing is?

“Forward this message to 10 contacts and you could win a free flight”. “You have received a parcel and it could not be delivered; download the shipment details here”. “Your account/username has been blocked for security reasons; check your details to re-enable it”. “I am an African prince who needs to recover an inheritance” … At some stage, we have all been potential victims of phishing in one way or another.

As IT control systems are increasingly secure and difficult to crack, fraudsters have had to find other ways of obtaining the personal information they need from users, and one of them is to trick them into handing it over themselves.

Phishing is a type of computer scam that consists in someone pretending to be from a company contacting a person to obtain information about personal data, passwords, bank accounts, credit card numbers, identification cards, etc., and use them for fraudulent purposes.

Contact can take place in a number of different ways: a phone call (vishing), an SMS or text message (smishing), a link to a website that looks like another, a pop-up window or an email, for example. In all cases, the person contacted is asked to provide or give access to personal information, supposedly for security or maintenance reasons, or is led to believe that a survey is being conducted or a special offer being promoted. Basically, anything that makes that person provide her or his personal details.

Phishing comes from the word fishing, as it is a metaphor for using a hook and bait to catch a person out.

The most well-known and widespread method is to make contact via email. These emails contain a link to a website that is an almost identical copy of the login page of the company fraudsters are attempting to impersonate. Both the email and the website may contain logos, forms, texts, etc., to make it seem that they are the same as the legitimate company’s, so that the user enters personal information and sends it.

How can you spot a phishing message?

It is not always easy to realise that an email received is a phishing message, especially if it supposedly comes from a company you normally contact or are a customer of.

Hew are a few tips that can help you spot phishing messages:

• They are often full of spelling mistakes and badly written or constructed sentences.
• They use generic, non-specialised phrasing in an attempt not to be intercepted by protection software.
• They have the same sender and recipient address, in the case of emails.
• They usually give instructions that, for some strange reason, prompt users to send their username and password, either to an email address or via SMS to an unknown telephone number.
• They frequently have a link to a scam website where information will be requested for authentication details of the secure area of a website, such as the username and password for a bank account.

How can you protect yourself?

• Never give your personal details via email or SMS. Companies and banks will never ask for financial details or credit card numbers using these media.
• Do not click on links in emails you are unsure about or if the sender is unknown to you.
• If you want to see a link, never do so directly from your email. Write the address in your address bar.
• When you visit a web page where you have to enter your details, always check that the website address you wrote in your browser is right; there are pages that change one or two letters of the address of another company so that the details of users who go to them without checking can be stolen.
• Check that the website you have entered has a secure address: it should start with “https://” and a small locked padlock should appear just to the left of the address bar.
• If you have any suspicions about the authenticity of a message, contact the bank to check the information you have been given.
• If you suspect that you have been the victim of phishing, immediately change your username and password, and tell the bank what has happened.

It is important that you should be aware that MoraBanc has maximum security measures to ensure confidentiality in its messages to customers, and we will never ask you for your username, password or personal details via email or text message.

To find out more about MoraBanc’s online security, follow this link to our website. In addition, in this article by the Spanish Internet User Security Office you will find specific information and advice to protect yourself against attempts at phishing related to online banking.

If ever you receive a message that seems suspicious or strange, please contact our customer service department, TeleBanc, by calling +376 884 884. To avoid potential scams, always connect to your online bank account from our website (https://www.morabanc.ad) or from our mobile app.