We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Don't be caught - Phishing Discussion

Options
MSE_Martin
MSE_Martin Posts: 8,272 Money Saving Expert
Part of the Furniture 1,000 Posts Combo Breaker
The following discussion relates to

Special Briefing, Phishing - avoiding scam e-mails

To discuss it or ask a question, please click reply
Martin Lewis, Money Saving Expert.
Please note, answers don't constitute financial advice, it is based on generalised journalistic research. Always ensure any decision is made with regards to your own individual circumstance.
Don't miss out on urgent MoneySaving, get my weekly e-mail at www.moneysavingexpert.com/tips.
Debt-Free Wannabee Official Nerd Club: (Honorary) Members number 000
«134567

Comments

  • Less common, but more dangerous are the 'key-loggers' which track the login names and passwords even if you use legit banking sites. Good Spyware protection should help reduce the risk of these - Adaware, Spybot S&D and Spyware Blaster are all very good and all free
    Val :)
  • System
    System Posts: 178,344 Community Admin
    10,000 Posts Photogenic Name Dropper
    'key-loggers' which track the login names and passwords even if you use legit banking sites.

    Good banking sites use techniques to prevent keyloggers working. Unfortunately most banks either employ stupid IT staff who fail to implement these basic security procedures or are too cheap/greedy to pay for them, and prefer to blame their customers instead.
    This is a system account and does not represent a real person. To contact the Forum Team email forumteam@moneysavingexpert.com
  • paulcdb
    paulcdb Posts: 160 Forumite
    i must have a really bad memory, i got one today from lloyds tsb doing a security check... don't actually remember opening an account with them though ???

    grrrrr, trouble is how many times do people have to be told before they'll listen :-/
  • Noobie_2
    Noobie_2 Posts: 205 Forumite
    These are a few clips from recent articles I’ve seen re phishing and ‘virus’ capabilities:


    Banker-AJ virus tracks online banking transactions.  
    A new virus has been discovered that monitors online banking sessions, collecting passwords and taking screenshots, before sending them off across the Internet where they can subsequently be used to access accounts.  
     
    Sophos says it has found examples of Banker-AJ, which targets UK banks, including Abbey, Barclays, Egg, HSBC, Lloyds TSB, Nationwide and NatWest.  
     
    http://www.pcpro.co.uk/news/65637/bankeraj-virus-tracks-online-banking-transactions.html  


    Many of the sites trying to con people into handing over personal information are being hosted on hijacked home computers.  
     
    Many of these sites look almost indistinguishable from the website they are posing as and use hi-tech tricks, such as fake toolbars, to hide their real location.  
     
    It also suspects that most of these sites are on hijacked home computers that have been infected by a virus or worm.  
     
    http://news.bbc.co.uk/2/hi/technology/4037975.stm  


    More than 30,000 PCs per day are being recruited into secret networks that spread spam and viruses, a study shows.

    Once created the networks of zombie PCs are used as anonymous relays for spam, to launch denial of service attacks on websites or simply to steal confidential information about a PC's owner.

    … the bot nets are being put to many outright criminal uses, the writers of the programs that create the networks are happy for their creations to stay out of the limelight.

    http://news.bbc.co.uk/1/hi/technology/3666978.stm


    Breakfast's Max Foster has been investigating. He found it surprisingly easy to hack into a friend's computer and read details of bank accounts and passwords.

    We managed to hack into the PC of our Breakfast guinea-pig, Natasha Gorwitch, with software which is freely-available on the internet.

    The spyware took "photographs" of her computer screen, revealing her bank account, bank balance and friends' addresses.

    http://news.bbc.co.uk/2/hi/programmes/breakfast/4019807.stm

    So don’t do any internet banking, etc, at work / on a public pc! And don't think, because these threats are usually labelled as 'viruses', that an anti-virus program alone is protection. You need a minimum of AV, firewall, and at least TWO anti-adware/anti-spyware progs (i.e. Ad-Aware and Spybot S&D).

    If I'm preaching to the converted - apologies - but there must still be lots of folk out there not as knowledgeable as you.

    If you haven’t already seen this part of the site, you might want to visit the ‘Techie Questions & Discussion’ section.  At the top there’s some very useful info from Fran about Computer Security and Viruses (usually involving free products), and the (related) subjects crop up daily.  The guys on that part of the site are very friendly and helpful (as I'm sure you guys are!)
  • With the sophisticated spyware freely available these days online anyone can hack an online bank account.
    The spyware programmers always seem to be one step ahead of the banks and security personnel, not only with sophisticated key loggers but also screenshot data and even remotely programmable and untraceable.
    Make sure you have spyware remover and run it on a regular basis.
    I use 2 online banks and could easily hack into one of them, some banks now use certificates on the computers so unless you have physical access to the computer, you cannot access the accounts.
    I have tested several spyware programs and the data they gather is immense, they even change their names and location on the computer so they are virtually impossible to track down.
    The answer to all these problems is simple.
    Do not open any email attatchments or download anything suspicious online unless you are 100% confident with what you will recieve. If you dont download anything or open attachments you will never attract a virus or spyware, also beware of images, many spyware now comes disguised as an image in an email, once you click on the image the file is downloaded to your computer. Finally make sure your internet security settings are set correctly in control panel.
    Paul
  • szturc
    szturc Posts: 10 Forumite
    There is a free programme called Whois you can use to find out who really sent an E-Mail. useful if you just want confirmation that your suspicions are correct.

    The site is https://www.whois.net
    Be ALERT - The world needs more LERTS
  • njm_2
    njm_2 Posts: 99 Forumite
    I've received two "phishing" emails within the last month - lucky me :-/ - both were very convincing, however I was surprised at the contrasting attitude of the fraud departments when I reported them. Perhaps it was because I held an account with one of the banks that resulted in the better service?
    I came, I saw, I did a little browsing.
  • System
    System Posts: 178,344 Community Admin
    10,000 Posts Photogenic Name Dropper
    With phishing the problem is the lack of interest by the police.

    If I went round knocking on little old ladies doors asking them for their credit card details, I am sure that the police would take a great interest in my activities.

    If somebody does the same thing by email, well I bet you couldn't even get a crime number out of them if you reported it.
    This is a system account and does not represent a real person. To contact the Forum Team email forumteam@moneysavingexpert.com
  • Noobie_2
    Noobie_2 Posts: 205 Forumite
    Webwonder, good advice re attachments and downloads but I don’t think the answer is quite so simple, nor do I think that it will ensure that “you will never attract a virus or spyware”.

    Some downloads are essential.  For example, if you’re on XP it’s pretty essential to download Service Pack 2 – this will keep your pc a lot safer.  Also, as new infections are coming out all the time, it’s pretty essential to download up-dates to your anti-virus program, firewall, Ad-Aware, Spybot S&D, etc.  But – only get your downloads from the site(s) recommended by the makers of the program (i.e. their own site or their ‘mirror’ sites).

    100% confident?  Not so easy – recently I wanted to watch a video clip from the BBC on-line news.  No problems there, the BBC are a very reputable organisation – but to do so I had to download, via the BBC site, a program called RealOne Player.  No way – this has been well hammered for *ALLEDGEDLY* (just to keep you guys at MSE happy) being riddled with adware and spyware.  What really made me laugh was - the BBC video clip I wanted to watch was about….. spyware.  (Fortunately, there’s another, crap free, program called Real Alternative).

    Similarly with attachments.  You may be 100% confident that your brother/sister/best friend wouldn’t deliberately send you an infected email attachment.  
    But are you 100% confident they KNOW 100% that their pc hasn’t got anything nasty that they could inadvertently pass on?

    And even if you don’t download anything, or open any attachments, it doesn’t keep you safe.  You don’t always need to open an attachment; just opening an email can be enough (so never open any email from anyone you don’t know).  

    If you haven’t got a firewall you’re leaving yourself wide open to hijackings and spies.  For example, when you connect to the internet you are taken to your ‘home page’.  If your pc is ‘hijacked’, this can be changed to, eg, a !!!!!! site or some other site you don’t want to go.

    And you can pick up a ‘nasty’ simply by visiting a web site.  

    Sounds pretty dire, or not?  No problems with your pc?  Well, would know?  A lot of ‘viruses’ are now designed to work away nice and quietly so they won’t know they are there, doing their dirty work.

    Certainly, common sense, the survival instinct, being a bit ‘street-wise’ about what you download, what you open, what sites you visit, etc, is VERY good practice but, unless you’re pretty clued up about this, I’d still recommend reading Fran’s bit about ‘Computer Security’ in ‘Techie Questions and Discussion’ and then, maybe, follow up some of the links there for more information and then downloading some of the programs recommended there.  One bit of good news – a lot of very good stuff is available from/via there for FREE.  So, if you're concerned about what could happen to your pc, or if you're getting loads of ads, or think you might have a problem already - that's a good place to go.
  • Noobie_2
    Noobie_2 Posts: 205 Forumite
    If you haven’t watched this article about phishing on the BBC you might find it very revealing.  To watch the video clips you can either use RealOne Player (allegedly dodgy) or Media Player Classic (if you’ve already got either of those) or you can download the Real Alternative (which includes Media Player Classic) from here:
    http://www.free-codecs.com/download/Real_Alternative.htm

    (go for latest version - think its 1.29)

    Then go to this link: http://news.bbc.co.uk/2/hi/programmes/breakfast/4019807.stm

    Click on the three ‘Video’ links in the top right hand corner to watch the video clips.

    Each clip lasts about six minutes and, on my pc, picture quality isn’t great and they pause to ‘reload’ – still worth it.
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.9K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.5K Spending & Discounts
  • 243.9K Work, Benefits & Business
  • 598.8K Mortgages, Homes & Bills
  • 176.9K Life & Family
  • 257.2K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.