What to watch out for in identifying fraudulent bank emails

CBN policies reduce E-fraud success rate amid increase in online transactions

Internet fraudsters are desperately devising different techniques to confuse bank customers who use electronic banking systems, in order to gain access to their funds and swindle them. One major way is to intercept their online transactions to get information about the account holders.

Oftentimes, they send junk mails to a large number of customers using logos similar to those of the original banks and wait for the customers to respond to such emails.

An unsuspecting customer may think the email is from his bank and if he discloses any information concerning his account, he may fall victim to the fraudsters.

Some of the junk emails usually come in this pattern: ‘Dear esteemed customer, you would have to confirm you are an active account holder with us by following the procedures from your X bank account. Thank you for choosing X Bank.’ The fraudsters go on to send some emails, which they could use to track the customers’ accounts.

It is necessary for an account holder to know that his bank’s employees or agents will never call or send an email to request his passwords, card number, card expiry date or Personal Identification Number. Customers should always log on to the internet banking service through the bank’s website or registered mobile app. They are enjoined to always ignore any message that is not sent directly from their bank’s website. The correct website of the bank is usually written on the customer’s debit or credit card.

An online report on the subject by www.technewsworld.com gives more tips on how to identify bogus banking emails.

Fraudsters, it says, work by embedding dummy Trojan software on your personal computer, or by getting you to visit fake websites to enter personal details, or by capturing personal details directly from your computer (now extended to cell phones). The emails are often hard to spot and can look like they come from common financial institutions and social networks.

Here are steps to take if you suspect one.

Notice the red flags

Red flags include requests for personal information such as banking details and password changes; prompts to click on links or download attachments; and requests from institutions you don’t already have a relationship with. Treat any red flag emails with caution and proceed to the next steps. Warning: Don’t click on a link within an email if you have any doubt as to the legitimacy of the message.

Don’t panic

Be wary of alert-style text within emails that suggests your security has been compromised and that the embedded link you are being urged to click on will fix the problem. This is a pressure technique that instills a sense of urgency; just as you would when entering a common purchasing transaction, take time to evaluate. Look for language that implies something onerous will happen if you don’t click on the link within the email message, for example, that your account will be closed. Look for bad grammar, strange capitalisation or spelling mistakes. Legitimate companies usually put effort into catching mistakes before releasing an email. Peculiar text can be used to circumvent spam software.

Look closely at links

Place your mouse over the plain-language link in the email, without clicking on it, and check the web address that appears in the status bar of the browser or email client. A legitimate link will echo the text in the message. For example, the link in a message from the XYZ Bank will read https://www.xyzbank.com/link, or similar, rather than http://somethingelsefakebank.com/link, or a series of numbers, called an “IP address,” like http://192.111.111.111/link.

Check the header

Check the sender’s actual address in the message header against the “from address.” The displayed ‘from name’ is easier to fake than the sending mail address.

The actual addresses should match, or the sending mail address should clearly originate from a legitimate institution sending a message.

Legitimate institutions will not send downloadable email attachments unless you have already entered into a dialogue with them about it. Never download attachments with an “.exe” extension.
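The header and attachment checks above can be automated. The following Python sketch is an added example, not part of the original article or the report it cites; the sample message is constructed, `xyzbank.com` and `mailer.example` are placeholder domains, and it assumes the receiving mail server recorded a `Return-Path` header.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); xyzbank.com is the
# article's placeholder bank, mailer.example is a made-up sending domain.
RAW = """\
From: "XYZ Bank Security" <alerts@mailer.example>
Return-Path: <bounce@mailer.example>
To: customer@example.org
Subject: Confirm your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear esteemed customer, confirm you are an active account holder.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.exe"

placeholder
--b1--
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def header_flags(raw, bank_domain):
    """List the header and attachment red flags found in one message."""
    msg = message_from_string(raw)
    flags = []
    from_dom = domain_of(msg["From"])
    # The display name is free text; only the address domain counts.
    if from_dom != bank_domain and not from_dom.endswith("." + bank_domain):
        flags.append("from-domain-not-bank:" + from_dom)
    rp_dom = domain_of(msg["Return-Path"])
    if rp_dom and rp_dom != from_dom:
        flags.append("return-path-differs:" + rp_dom)
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower().endswith(".exe"):
            flags.append("exe-attachment:" + name)
    return flags
```

Calling `header_flags(RAW, "xyzbank.com")` reports the foreign sending domain hidden behind the bank's display name and the `.exe` attachment.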

Take the high road

Browse to the sender’s website directly. Do this by manually entering the web address root in a web browser address bar. Then, use the website’s navigation to find the information referred to in the email message. If the email message was legitimate, the contents will be available at the website too.

When browsing, check the browser’s address bar for the correct institution’s address, for example, XYZ Bank. Even if the web address has the bank’s name, it may not be the bank’s website. For example, XYZBankSecure.net is not the same as XYZBank.com.
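The link checks described under “Look closely at links” and the lookalike-address warning above can be expressed as a small Python checker. This is an added example, not code from the original article; the sample body is constructed from the article's placeholder addresses, and the flag names are illustrative.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def link_flags(html, bank_domain):
    """Return {href: [flags]}; an empty list means no red flag was found."""
    parser = LinkCollector()
    parser.feed(html)
    brand = bank_domain.split(".")[0]
    report = {}
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        flags = []
        if is_ip(host):  # a series of numbers instead of a name
            flags.append("ip-address-host")
        elif host != bank_domain and not host.endswith("." + bank_domain):
            # The bank's name inside another domain is a lookalike.
            flags.append("lookalike-host" if brand in host else "foreign-host")
        shown = urlsplit(text).hostname if "://" in text else None
        if shown and shown.lower() != host:  # text does not echo the link
            flags.append("text-shows-different-host")
        report[href] = flags
    return report

SAMPLE = (  # constructed body using the article's placeholder names
    '<a href="https://www.xyzbank.com/link">Log in</a>'
    '<a href="http://192.111.111.111/link">https://www.xyzbank.com/link</a>'
    '<a href="https://xyzbanksecure.net/link">Verify account</a>')
```

`link_flags(SAMPLE, "xyzbank.com")` leaves the genuine link unflagged and marks the IP-address link and the XYZBankSecure.net lookalike.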

Good riddance

Delete the bogus email message.
