Phishing, Trojans and Money Mules

Not sure what we're talking about, then take a look at our easy to understand guides:

What is phishing?

You may have heard a lot about phishing recently and wondered what it all means and what all the fuss is about?

It's when fraudsters spam(s) the Internet with an email or send a text message claiming to be from a reputable financial institution or e-commerce site. The message tries to make you to click on a link and update your personal profile or carry out some transaction. The link takes you to a fake website designed to look like the real thing. However, any personal or financial information entered will be sent directly to the scammer. Don't worry, they won't get your email address from us.

Spotting a fraudulent email

Although there's no foolproof formula for identifying a fraudulent email, text message or web site, these signs should help you spot one.

Signs of a fraudulent email:

  • There may be a sense of urgency. Example: Your account will be closed or temporarily suspended. You'll be charged a fee if you don't respond.
  • There are embedded links that look legitimate because they contain all or part of a real company's name. These links may take you to spoof sites (or pop up windows) that ask you to enter, confirm or update sensitive personal information.
  • There may be obvious spelling errors. These help fraudulent emails avoid the spam filters that ISPs use.
  • Spoof web sites can be more difficult to detect, because even the address bar and padlock that appear in your browser window can be faked. Make sure you're on the right site, type in the full web address into the address bar and see if you get to the same place.

Top tips

  • Know who you are dealing with.
  • Always access our site by typing in our address into your web browser. Never visit us via a link in an email.
  • and enter personal details.

What the fraudsters are after

  • Your PIN.
  • Your answers to your security questions.
  • Debit or Credit Card number.
  • Bank account number.

If you are a Co-operative Bank/smile customer and you suspect you've been the victim of a phishing attack click here to find out more

If you suspect you've received a spoof or phishing email, please forward it to the address below:
ihaveseenascam@co-operativebank.co.uk

Please do not click on any links within the email or reply to the email with any of your details. The Co-operative Bank will never ask you for any information (account details, card numbers, PINs or passwords) via email or text. If you receive such a request for this information, report it immediately to us.

If you've entered any of your details or replied to the email or text with your details please call us immediately on 0870 6000 328 (lines are open from 9.00am to 7.00pm, Monday to Friday, and 9.00am to 6.00pm on Saturdays).

What are Trojans?

  • Trojans take their name from the term 'Trojan Horse' and are a type of computer virus that can be installed on your computer without you realising.
  • Trojans are sometimes capable of installing a "keystroke logger", which captures all of the keystrokes entered into a computer keyboard.
  • They then try and capture passwords entered at certain web sites.
  • Fraudsters will send out emails at random to get people to click on a link from the email and visit a web site where vulnerabilities in the web browser are exploited to install a Trojan.
  • The emails are not normally Web sites with a variety of excuses.

Stopping Trojans

  • Treat all unsolicited emails (especially those from unknown senders) with caution and never click on links from such emails to visit unknown web sites.
  • Install anti-virus software, keep it up-to-date and run regular security scans.
  • Install and learn how to use a personal firewall.
  • Install the latest security updates, also known as patches.

Top tip

  • Prevent spam - Reduce the amount of spam (unsolicited bulk email) that you receive by being careful about who disclose your e-mail address to. Be aware that Spammers will collect or buy your address from a variety of different sources including web sites, newsgroups, if you sign up for free offers, if you order something online, mass mailing viruses or from worms.

What is a money mule?

  • A lot of the criminals behind these phishing and trojan scams are located overseas. They often find it difficult to make cross-border transfers. To obtain the money they've stolen they need a "money mule" to launder the funds obtained as a result of phishing and Trojan scams.
  • After being recruited, money mules receive funds into their accounts and they then withdraw the money and send it overseas, minus a certain commission payment.
  • Money mules are recruited by a variety of methods, including.
  • spam emails.
  • adverts on genuine recruitment web sites.
  • instant messaging.
  • ad in newspapers.
  • Positions on offer sometimes include "UK Representative", "Shipping Manager" or "Sales Manager". They offer you the chance to earn some easy money for a few hours work each week, usually just requiring that you have access to the Internet.

Top tip

  • Prevent spam - Reduce the amount of spam (unsolicited bulk email) that you receive by being careful about who disclose your e-mail address to. Be aware that Spammers will collect or buy your address from a variety of different sources including web sites, newsgroups, if you sign up for free offers, if you order something online, mass mailing viruses or from worms.

 Avoid being a mule

  • Be cautious about any unsolicited offers or opportunities offering you the chance to make some easy money, especially from overseas.
  • Verify any company which makes you a job offer and check their contact details.
  • Never give your bank details to anyone unless you know and trust them.
  • Be wary of ads from overseas company seeking "UK Representatives" or "Agents" to act on their behalf for a period of time, sometimes to avoid high charges for making payments, or local taxes.
  • MONEY MULING IS ILLEGAL.
  • Even if you have nothing to do with the actual extraction of funds from another person's account, by allowing your account to be used to receive and transfer such funds, you may be acting illegally.

Key tips

  • Before entering personal details, look for a padlock or a website address that starts with 'https:'.
  • Avoid clicking on links in unsolicited emails.
  • Ensure that you know who you are buying from.
  • If an offer looks too good to be true then it probably is.

Password Security

  • Make sure your security information is difficult to guess by choosing strong passwords.
  • Would you leave your door keys in the lock when you go out in the evening?
  • You should treat your passwords in the same way! From online purchasing to online banking, each password should be unique and unrelated to any of your other passwords.
  • You shouldn't write them down, and you shouldn't share them with anyone, even your best mates.
  • Strong passwords use a combination of uppercase and lowercase letters, numbers, and punctuation, they aren't usually found in any dictionary. For example, using 'river' would be a weak password, whereas 'r!V3r_78' would be much stronger.
  • A good tip is to change your passwords at least once every six months.
  • How strong is your password.

Your money guides

Simple product guides

coinflip.48.png

See the other side of the coin


Activities in your community and the wider world.
read more

 
The co-operative membership - join us