Thursday, June 15, 2006

Security: Is this E-Mail really from My Bank?

Computer Coaching for Seniors Ottawa Canada

This E-Mail appears in your inbox:

Dear Sir,

We have detected some illegal transactions with regards to your accounts at our bank.
Please login immediately using the link below to rectify the situation.

Thank you
John Smith
Account Advisor

Do you click on the link The answer is NOOOOOOO :).

Many times emails are sent pretending to be from EBay or from financial institutions like TD or CIBC. This is known as phishing. By clicking on the link in the email it will take you to a spoof website and not to the website that you wanted to go to. Once there, if you sign in with your userid and password then the owners of the spoof website would now have your userid and password and could use it to access your account.

In our E-Mail above even if Bank of Ottawa was a valid bank in Canada and their official website was the problem is that the link in the E-Mail points to another website. Take your mouse and hover over the link. You will see in your browser's status bar that the address is really

Rule of thumb: Try not to click on links in an E-Mail to access your accounts.

Below are some ways you can safely assess the status of your account.

  1. Call the company up by phone and ask if there are any issues with your account. DO NOT USE THE PHONE NUMBER IN THE EMAIL! Call using the number from the phonebook.
  2. Sign on to the company's website by typing in their official web address in your browser (e.g., if it is TD it is, if it is ebay then it is and see if you have any messages about your account.
  3. Forward the suspicious E-Mail to the company using the email address FOUND ON THE COMPANY'S WEBSITE. Ask if this email is valid.

No comments: