Even as a qualified Fraud
Investigator I am not immune to being targeted by Fraudsters. I recently
received what is known in the industry as a “phishing” email. This was targeted
at getting me to follow a website purporting to be from my personal bank. Please
see received email below
Dear Valued Customer
It has come to our attention that you have not logged
on to your online banking account for sometime now, and as security measure, we
must suspend your online account. If you would like to continue to use the
online banking facility offered by the Royal Bank, please click the link below
and renew your security details imediately. Failure to do so will result in
your online account being suspended
Renew your security details imediately and continue
to use our online banking facility: https://customerbankingrenewal.royalbank.com/
We are sorry for convenience caused and hope you
continue to use our online banking facility.
The Royal Bank Online
Security Team
1. This sender sounds
official, but how can you be sure? Emails can appear to be sent from any
address, so it is easy to fake something that looks official.
2. This email wasn’t
personally addressed to me for such an important subject. /Why wasn’t I
addressed by my name?
3. The statement about not
logging in for a while could well be true, lending to the legitimate appearance
of the email. Do not be fooled by this tactic.
4. “We must to suspend your
online account” – notice the grammatical error here
5. Imediately– spelling mistake
instead of immediately. The same mistake is made throughout the email.
6. Request for sensitive
information. Reputable banks or financial institutions will never request
sensitive information by email.
7. Threat of account
suspension adds weight to the sense of urgency and importance.
8. The URL in the email
appears legitimate, but when you hold the mouse over it, you see that the
actual hyperlink ends in ‘royaibank.com’ not ‘royalbank.com’ as stated
9. Another grammatical
error. I think they meant to say ‘inconvenience’ rather than
‘convenience’.
Stating that the email has
come from the security team is yet another tactic to appear legitimate
Below are the threats you
face by following follow the link :
The criminals will obtain
sufficient information to gain access to your account or your businesses and
clear it of all funds.
They will obtain enough
personal information to steal your identity or your businesses.
They will infect your
computer with malicious software and compromise yours and your businesses
security
Your bank will refuse to
compensate you for any loss for failing to follow their guidance and advice.
Remember your bank will
never contact you on such matters and will never ask for you to provide answers
or details regarding your security information to access your account over the
phone or by email unless you have called them first.
If in doubt do nothing, call
your bank on a verifiable number and confirm the position
For more information on this
topic or any other fraud related subject, I advise you get in touch via my email;
contact@emgfraudconsulting.co.uk