What is Phishing?
Internet phishing is the process of tricking customers into giving up their account and PIN numbers and, in some cases, credit card details. Scammers typically create a web site that looks identical to an existing site. The customer assumes that they are looking at the real site and enters the requested details. The scammers then use this information to transfer money or withdraw cash.
Phishing attacks are generally initiated by an email requesting that the customer update their records. The email looks official, may request urgent action and can be very convincing. Such emails can also start with advice on security, boasting about the security of their own site.
Here are some sample emails from phishing scams on financial institutions:
"We recently reviewed your account and suspect that your account may have been accessed by a third party. Protecting your account is our primary concern. As a preventative measure we have temporarily limited access to your account. To restore your access, please take the following steps to ensure your account has not been compromised..."
"We regret to inform you that your account could be suspended if you dont re-update your account details. To resolve this problem, please click here and re-enter your account information. If your problems cannot be resolved, your account will be suspended for a period of 24 hours. After this period your account will be terminated..."
"It has come to our attention that our account records are out of date. Failure to update your records will result in account termination. Please update your records within 24 hours. Click here to update your records..."
"We recently noticed one or more attempts to log in your account from a foreign IP address and we have reasons to believe that your account was hijacked by a third party without your authorization..."
"We are taking some security measures to protect our customers from online fraudulent login to their account and would like to take extra security measures to ensure that your account is safe and secure..."
What can you do about it?
* If you receive an unsolicited email that warns you that an account will be shut down if you don't take immediate action, never reply or click on any links provided in the email. Contact the company directly by using a trusted email address or previously known web address or by phone.
* If you suspect a page is fake, and there is no site address given, then right-click on the page, click Properties and check the address of the page. If the address has an IP address (e.g. http://123.543.678.987/login.html) rather than a domain name, then it should be treated as suspicious. Do not enter any information and contact the real company as soon as possible.
* Never send your account number or PIN number via email. Most email is not encrypted and could be hacked and your information used to access your account.
* If you are submitting personal information through a website, look for the padlock icon on the browser status bar (bottom right). This indicates your information is encrypted during transmission. The certificate can be checked further by clicking on the padlock icon. Also, secure sites display https at the start of the web address; the 's' indicates it is secure. If the padlock is not displayed (e.g. www.tab.co.nz), right-click on the login page, click Properties and check that the address starts with "https".
Review your credit card and bank statements as soon as you receive them and check for fraudulent transactions.
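The two address checks from the list above (an IP address in place of a domain name, and an address that does not start with https) can be written as a small Python function. This is an added example, not code from the NZ Racing Board; the function names, the warning labels and every sample address except the page's own 123.543.678.987 one are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Four dot-separated numbers, even when out of range like the page's
# sample 123.543.678.987, still mean "no domain name was used".
DOTTED_NUMERIC = re.compile(r"\d+(\.\d+){3}")


def host_is_ip(host):
    """True if host is an IPv4/IPv6 literal or looks like a dotted quad."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return DOTTED_NUMERIC.fullmatch(host) is not None


def check_address(address):
    """Return the warnings (hypothetical labels) that apply to a page address."""
    address = address.strip()
    # Without "//", urlsplit treats a bare "www.example.test/login" as a path.
    parts = urlsplit(address if "://" in address else "//" + address)
    host = parts.hostname or ""
    warnings = []
    if host_is_ip(host):
        warnings.append("ip-address-host")
    # The page's check is literal: the address must start with https.
    if parts.scheme != "https":
        warnings.append("not-https")
    return warnings


# Constructed sample addresses; only the first comes from the page.
SAMPLES = [
    "http://123.543.678.987/login.html",
    "https://192.0.2.10/login.html",
    "http://[2001:db8::1]/login.html",
    "https://www.example.test/login",
    "www.example.test/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_address(url) or "no warnings from these two checks")
```

An address that raises no warning here only shows that a domain name and encrypted transmission are in use; confirming the site is the real one still means comparing it with the company's previously known web address.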
The NZ Racing Board will never request your account number or PIN number via email.
If you receive suspicious-looking emails from the NZ Racing Board or TAB, please contact us immediately and forward the email to email@example.com