Phishing and identity theft

No, we haven't spelt it wrong. If you haven't heard of phishing, you'd better catch up quick. Here's how to avoid being tricked into giving out personal details online and having your identity stolen.

Using gloves won't protect you

It’s important to keep all your personal details safe, not just credit card or bank numbers. Name, address and date of birth, or facts such as your mother’s maiden name or place of birth – often used as security questions – can be worth as much to a fraudster as the pin number for your cash card. So be wary when you put this information online for everyone to see on Facebook, for example.

They can be used to open bank accounts, take out loans, obtain or forge copies of passports, national insurance cards, or other official documents. But fraudsters could also use them to bluff their way into your accounts by contacting the bank or company involved and posing as you.

Phishing and fraud

Phishing (yes, it’s spelt like that) is one technique fraudsters use to fool you into handing over your details by impersonating a legit organisation you might be a member of – a bank, PayPal, eBay or webmail account, for example.

Phishing messages will inevitably ask you to click a link and login to their website in order to ‘re-establish your account’, ‘claim a rebate’, ‘confirm your phone number’, or other vaguely plausible reasons.

However, while playing on fears of security lapses, the link or address provided will be fake and cleverly designed to imitate the real thing. Any username, password, bank account number, or other details you put into the website go straight to the scammers, who could steal your money or sell your account details to other criminals.

How can I protect myself?

Emails asking for your credit card number, bank details, passwords or anything else important are almost certainly scams. Banks and companies like PayPal, eBay or Hotmail will never ask for your username or password. Just delete the email, or if you are in any doubt, contact the company concerned to verify the email.

Don’t click on a link in an email – it will not lead to the website it appears to. A link might appear to read http://www.hotmail.com even while the HTML code underneath points to http://www.dodgy-scam-site.cn, for example.

You can see this for yourself – hover your mouse pointer over the link and the web address it leads to will be displayed in the status bar of your browser or email reader. Alternatively, you can see the actual destination address in the HTML by using the ‘view source’ function.

A similar con trick are those emails claiming to be from African ex-president’s widows offering $25 million in exchange for a small ‘administration fee’, or similar tall stories. There is no widow, no money – but the money you will lose if you pay up or give them any account details is real. As ever, if it sounds too good to be true – it is!

When buying online, only give credit card details when using a secure, encrypted connection, shown with https:// rather than http:// in your browser’s address bar. No reputable online seller would ever use a non-encrypted connection.

What other protection is there?

There is software available that can warn you of known scams, fake websites or dodgy links, for example Earthlink Scamblocker. Some popular antivirus programs also protect from phishing, such as AVG. All these are free.

Use a credit card whenever possible, as payments over £100 are insured by the card issuer. Keep an eye on your accounts, especially bank and credit card statements which can alert you to any unusual activity.

What should I do if I have my financial details stolen?

If you find your credit or debit card number or bank details have been stolen, contact the issuer as soon as possible to cancel the card, or freeze the account using the 24-hour hotline or phone banking service. It’s worth keeping the number in your phone or wallet in case it’s needed quickly. If something on your statement looks suspect, contact your bank or card issuer, querying each charge.

What should I do if my eBay account is hijacked?

There is a page at eBay’s site to report this, and also an online fraud report hotline.

What shall I do if my identity is stolen?

If your personal details are used to imitate you, buy goods or services, or to create false documents such as a passport or driving licence, you will need to contact the issuing body, such as the Identity and Passport Service or DVLA, immediately.

Photo of identity thief by Shutterstock