Some customers of commercial banks in the country are at risk of falling victim to Internet fraudsters behind the current surge in dud e-mails. Many bank customers admit they have received mails requesting them to verify their bank account information or risk having the account suspended.
This e-mails, purported to have emanated from the online security units of commercial banks, request the customers to click on a link in the mail and instructs them to enter their user ID and password into the website in a bid to acquire sensitive banking information.
Online security experts call them ‘phishing mails’. Obviously they are sent by fraudsters disguising as trustworthy entities for the sole purpose of stealing people’s identity.
A customer of one of the new generation banks, Olusanjo Lawrence, observes a sharp increase in the number of phishing mails he has received over the past few weeks.
Lawrence adds that he usually receives such e-mails whenever he concludes a transaction with his bank.
He says, “These e-mails get delivered to my mail box as soon as I receive transaction alerts from my bank. But I decided to take one of the mails seriously after the sender requested me to update my bank information so as to prevent online fraud.
“As I clicked on the link, I was directed to a page containing a form that had to be filled in. I had started filling the link when it occurred to me that the web address I was directed to did not belong to my bank. I immediately alerted my bank on their customer care line about the development.”
Our correspondent, who has also received many of such fraudulent e-mails, observes that they are almost similar to original bank alerts.
One of such e-mails sent to our correspondent on Tuesday reads:
Your XXX Bank Online security is still not active.
Please login below to activate your Online Banking security.
Online banking Log on.
Please complete your online verification
2013 XXX Bank Nigeria plc.
When the link attached to the website for the purpose of verification was clicked, he was redirected to a site with a URL totally different from that of his banker. At the website, www.gotadaguanoticias.com, the bank information update form requested some personal details such as User ID, Password, telephone number, security question, security answer, e-mail address and password.
The information on the form went on to instruct him to press his token device and type the new code generated before finally submitting the form.
An online security expert, Olorunfemi Lawore, says fraudsters who send phishing mails are merely tossing baits out to see if unsuspecting members of the public will bite, adding that falling for such a scam could deal a devastating blow to victims.
Lawore, who is a certified ethical hacker and head of operations, GNT Nigeria, an IT training and consulting firm, explains that phishing is actually geared towards trying to make people click on a link or going to a URL so as to gather information about usernames and passwords.
Explaining how ‘phishers’ gain access to the e-mails of their victims or potential victims, he says, “They get people’s email by using tools such as email harvesters which pull emails from various sites based on keywords.
“Also, they steal emails from people’s computers through peer to peer websites, as well as from hacking into registration portals of websites. Besides, worms and viruses could be used to steal emails from mail clients, such as Microsoft outlook on people’s computers.”
Lawore notes that there are many tell-tale symptoms of a phishing scam that those who engage in online transactions can memorise in order to prevent them from falling victim to multi-million naira scams.
He says, “You can easily tell when a mail is a phishing, especially if you are not expecting it. Also, if you place the cursor of your mouse on the link attached to such e-mails and you find that what is on the link is not what is showing on the status bar on your browser, then you must desist from clicking the link.
“But do not reveal any personal or secret information or password about yourself online and always disregard mails asking you to do so. Besides, never click on internet links without thinking twice or asking why you are being sent a mail to click on a link.
“If you are not expecting such e-mails, always visit the legitimate website of the organisation that the sender claims to represent and call their official phone number to enquire why and if the request is from them.”
Lawore advises victims of phishing scams to immediately reset their online passwords as soon as they are being set up, adding that they should do so by using a safe Internet connection and activating a legitimate antivirus software.
“The affected parties, such as commercial banks and their clients, should also be immediately alerted,” he says.
Written by BY TEMITAYO FAMUTIMI for punch newspapers.
follow me on twitter