How might you identify a phishing attack?

It has been estimated that 135 million phishing attempts are made every day, as fraudsters seek consumers’ passwords, account numbers, credit card numbers etc. to allow them to steal your hard-earned cash. So, how can you identify an attempt at phishing, and ensure that you don’t become a victim?

Do you have an account with the company?

A fraudster may not know who you bank with, or which other companies you deal with. So, you may get a phishing communication that says it relates to your account with ‘X Bank’. However, if you have never dealt with ‘X Bank’, you can most certainly ignore the message.

Genuine companies won’t ask you to reveal personal information

However, on occasions you may receive a communication that purports to be from the bank you have an account with, or from another company you have dealt with. Just because the message says it is from your bank doesn’t necessarily mean this is the case – it could be a communication from a fraudster claiming to work for your bank. If the communication asks you for personal information such as passwords, account numbers and credit card numbers, then consider that no bona-fide company would ever ask you to disclose information of this nature via email, text message, online or on the phone.

Check with the company if necessary

Of course, your bank, or another company you do business with, really will need to communicate with you on occasions. So, if you are unsure as to whether a communication is genuine, phone the company to check. You should call the company’s main customer services number, as stated on their official website, instead of using any other number provided in the message. If you have been contacted by phone, then you should wait several minutes before calling the company back, and preferably use a different phone as well, as the suspicious caller may not have hung up. Consider also that it is possible for the fraudster to ‘fake’ the real number of the company – so just because the number on your phone matches that of the company, don’t necessarily assume this means it was a genuine call.

Deliberately mis-type your password

Sometimes a phishing communication directs you to a copy of the company’s website, where you may be asked to log in and enter your personal information. One way you can be sure that a phishing attempt is being made is to deliberately mis-type your password. If the password you enter is different from the one you use to access the company’s online services, but it still lets you in, then the site is not genuine.

Obvious ‘red flags’

As mentioned above, no genuine company will ask you to disclose confidential personal information via email, text message, online or on the phone. However, there are also other clear signs that a phishing attempt is being made, which include:

  • You are called out of the blue and told that your computer needs to be repaired urgently, perhaps because it is infected with viruses. This is almost certainly a scam, even if the caller claims to represent a well-known IT company
  • You are told you have won a lottery or other competition, when you have no recollection of having entered one
  • The communication contains spelling and grammatical errors
  • The email asks you to open an attachment – this is most likely a method of introducing malware onto your computer

Wonga looking after its customers

Wonga South Africa is aware that, on occasions, fraudsters have claimed to work for Wonga in order to obtain customers’ personal details. Wonga South Africa has published guidance on its website to keep its customers safe from this type of fraud.