Phishing
Phishing is the fraudulent practice of sending you deceptive emails or other messages to trick you into giving your personal or financial information. They do this by pretending to be from a trustworthy company or organisation.
Your personal details can be used by them to steal money from your bank account, spend money using your credit card, get loans by faking your identity or open fraudulent accounts.
There are 3 main types of phishing scam:
Phishing emails
One of the main ways scammers target victims is through email to try and get your personal information. Fraudsters imitate companies like banks, credit card companies, online retailers, delivery companies, utilities and government bodies. They often use the same logo and an email address similar to that of the real organisation to make their scam appear genuine.
Example
You get an email that looks like it’s from your bank asking you to verify a transaction that you don’t recognise. The email contains a link which take you to a website which looks like your bank’s website and asks you to ‘verify’ your account information. The email prompts you to take urgent action, warning that your account may be blocked or card cancelled if you don’t. Always contact your bank yourself independently to check everything is okay if you get an email like this. You should use the number from the back of your bank card so that you know it’s genuine.
How to spot a phishing email
- Urgent call to action
Scam emails often indicate something is wrong and that you need to act immediately. They may ask you to update your account details or reactivate your account. They will often claim you need to act now to claim a reward or avoid a penalty.
- Suspicious links or attachments
Be suspicious of emails asking you to click or open an attachment. It is a common trick to create a false sense of urgency. They do this to stop you thinking about it too much or checking it with someone you trust.
- Unusual email greeting
When receiving an email from somebody you don’t recognise, examine it carefully. If the email starts with a generic ‘Dear Sir or Madam’, it could well be a sign that it’s not really from the organisation you’re led to believe. Most businesses should know your name and will not address you in this manner. You should also check that the address the email says it’s from matches the name of the sender.
- Poor grammar and spelling
A badly worded email with spelling errors may be a scam. Most workplaces have specialist staff who handle their communications. It is unlikely therefore that emails from reputable sources will contain such errors.
- Check the email domain
An email domain is the web address that comes after the @ symbol in an email address. The email might claim to be from a reputable source like your bank, but the email domain shows otherwise. Scammers tend to use a free webmail address like @gmail.com or have a very subtle misspelling of the official domain name. This could be as simple as them having a number instead of a letter in their spoof email address. Make sure you examine the fine detail of the email they send from and cross check it with the official website to see that it’s the same.
Smishing over sms
‘Smishing’ is where scammers send fraudulent text messages to mobile phones randomly and attempt to get personal or financial details from you. They can be hard to spot as the texts may even appear within a genuine thread of text messages you’ve received from a legitimate organistion.
The kinds of trusted organisations being imitated by these thieves include banks, credit card companies, online retailers, delivery companies, utilities, motorway operators and government bodies. They may even pretend to be a family member of yours in distress and ask you to help by sending them money.
Top tip
Never click on a link within a text, or call a number you are asked to call from a text. If you’re unsure that a text message is legitimate, go to the business’ website and contact them directly rather than using the link in a text message.
Signs of a smishing scam
There are certain red flags you should look out for:
- unexpected text message claiming to come from a reputable organisation which asks you to visit a website or call a phone number you don’t recognise
- the message will try to alarm you by claiming you need to take urgent action to avoid negative consequences. It might say that you need to verify, reactivate or immediately update your account details, or you may be told you owe a payment or need to pay to avoid a penalty
- you’ll be asked to click on a link in the text bringing you to a fake website – scammers can create very professional looking fake websites that imitate real websites
You receive a text claiming to be from your broadband provider. It tells you that your last payment didn’t go through properly and that your internet is going to be disconnected. The text includes a link to a website and asks you to update your account details there immediately. Remember to stop, think and check first. Don’t feel pressurised into doing anything. You should check independently with your broadband company to see have they sent you this text.Example
Further information
The Commission for Commuications Regulation (ComReg) is the statutory body responsible for protecting consumers in this area. Read their advice about scam texts.
Vishing by phone/voicemail
Scammers may phish for your personal information directly by phoning you or by voicemail. The scammers will call you pretending to be from well known trustworthy organisations. They will try to trick you into giving them your personal or financial information. They will likely have some details about you already such as your name or address, or they may have details on fraudulent transactions on your account that they have made. Some scammers may also ask you to install software that will later be used to get your personal details when you shop online.
As with the other forms of phishing, they make it sound urgent to get you to act quickly. A persuasive voice on the phone can be convincing enough for people to reveal their personal details. Never give out personal details if a business calls you, instead call them back immediately using a number you know to be legitimate such as the one on the back of your debit or credit card.
You get a call from someone pretending to be tech support from a company you know and trust. Scammers often use familiar name such as ‘Eir’, ‘Microsoft’ or ‘Apple’. The person may greet you by your first name and seem extra friendly. They tell you there is an issue with your internet speed and need to run a speed test. They’ll try to talk you through a series of bogus steps to fix the issue and look for card payment. They may even seek to get remote access to your computer and install malicious software there which will provide them with your personal or financial information.Example
Further information
The Commission for Commuications Regulation (ComReg) are the statutory body responsible for protecting consumers in this area. Read their advice about scam calls.
If you get caught by a scam
If you have responded to a scam and given your bank account details, notify your bank or card issuer immediately. Ask them if you can get the payment reversed through chargeback. Your account can be placed on hold and card cancelled if necessary. You should also report it locally to the Gardaí.
Money Hub
- Scams
- Pensions
- Investing
- Cross-border useful links
- Banking
- Mortgages
- Saving
- Credit cards
- Jargon buster
- Loans
- Debt
- Budgeting
- Crypto
- Getting financial advice
- Insurance
- Mortgage protection insurance
- Car insurance
- Payment protection insurance
- Travel insurance
- Getting insurance quotes
- Income protection insurance
- Whole of life insurance
- Serious illness insurance
- Pet insurance
- Making an insurance claim
- Home insurance
- Term life insurance
- Health insurance
- Gadget insurance
