Sales: 13 19 60    Support: 1300 786 068    Billing: 1300 855 006
Search For: 
Phishing
MyHelp Home > Internet > Online Safety > Phishing

Labels: 
Added by Westnet (David Dembo) , last edited by Westnet (Fred Harman) on Mar 25, 2008  (view change) show comment

'Phishing' is the act of fraudulently acquiring sensitive information about a person (e.g. usernames & passwords, credit card details, addresses, phone numbers, etc) by pretending to be a trusted party. Once a 'phisher' has acquired this information, they can use it to impersonate you or defraud you.

Phishing commonly takes the form of an email that often appears to come from a trustworthy or recognised company such as a major bank, eBay or PayPal - even Westnet! Typically the recipient is prompted to either reply to the email or follow a link to a fake website, and provide the requested information due to an invented scenario that requires urgent action - for example:

  • As proof that an account is still active, threatening deactivation if they are not provided
  • Due to a database error
  • In order to claim a fake prize from a fake competition

Protecting Yourself Against Phishing

Often the fake email and/or website can be almost identical to the real thing, making it quite difficult to spot the difference. Below are several tips to help you identify a scam and prevent yourself from falling victim to it.

You can find details on many current and previous phishing emails on the Anti-Phishing Working Group's Phishing Archive.



Do not send personal details over email

Westnet staff NEVER request account details over email, including your username or password.

If you are ever required to update personal details we will always advise that you make the change either over the phone with an Accounts Team member, or through our MyAccount website (see below).

You will find that most companies follow this basic guideline - in general you should be suspicious of any such requests, and contact the company via telephone if you are unsure whether it is legitimate or not.

Manually visit the website

In many cases a hyperlink in a scam email can display an address that appears to be valid, but actually directs you to a different address upon being clicked. If you are asked to follow a link in an email, for example to log into MyAccount, you should manually type the website's address (URL) into your browser's address bar to ensure that you are not being tricked in this manner. If you frequently visit the page, you could create a bookmark after visiting it manually.

Ensure the website is using encryption

Websites that use encryption offer greatly improved protection by making it far more difficult for a phisher to intercept your sensitive information. You should avoid entering personal information over an unencrypted connection if possible.

You can verify whether or not a website is secure by looking for a 'lock' icon - the location of this icon depends on the browser that you are using. If you are using the current version of Internet Explorer or Mozilla Firefox, this will be located to the right of the address bar. In older versions, it is located at the bottom right of the window (on the status bar).

Double-clicking the lock icon will bring up details of the website's authenticity and encryption strength. You should always ensure that the details following "Issued to" match the website that you are visiting.

Keep your software updated

Make sure you have all of the latest security patches for Windows and Internet Explorer. You should also periodically check for updates to any protection software that you may have such as virus scanners, firewalls, anti-spyware software, etc.

New versions of software often introduce new security features that will help protect you against phishing - for example, the latest versions of Internet Explorer and Mozilla Firefox will both alert you if the website you are visiting is a known phishing website.

Report suspected abuse

If you have reason to believe that your personal information has been stolen and is being used without your consent you should contact the proper authorities immediately, as well as any relevant institutions such as your bank so that they can prevent further abuse.

You may have recently received an email or emails claiming to be from Westnet, requesting your username and password details. PLEASE NOT DO REPLY TO THESE EMAILS. For more information on these recent phishing attempts, please see the MyHelp news item here.
 

If it sounds too good to be true, it usually is

If you've apparently won a competition that you did not even enter, or if somebody you've never met needs your bank details to help them transfer a fortune - you can guarantee that you're being scammed.
Powered by Atlassian Confluence 2.7.3, the Enterprise Wiki. Contact Administrators

© Westnet Pty Ltd. All Rights Reserved