"All warfare is based on deception. There is no place where espionage is not used."


Chinese general & military strategist (~400 BC)

Featured Site Link

anti-phishing working group

Report phishing emails, pharming sites and crimeware to the Anti-Phishing Working Group and help stop this insidious threat to e-commerce.

Phishing Scams

Phishing normally involves mass mailing a large number of email accounts with a fraudulent email. The email instructs the receiver to verify sensitive account information, either by logging on to a site or by including it in a return email link to the sender, supposedly to authenticate that they are the authorized user of that account. The email purports to come from a trusted financial or payment facilitation institution such as PayPal, eBay, or online banking and credit card companies.

PLEASE NOTE: Your Bank or payment organisation has not forgotten your password or PIN number!! You should never need to verify it by email or log onto a site to confirm it.

The term phishing is a variant of fishing, which denotes that the sender puts a lot of bait out to try and catch a fish (victim). Phishing emails are relatively easy to spot and many have similar characteristics. Included below is an actual email where only the name of the institution has been changed to a fictitious organisation.

From: Internet Payment Company []
Sent: Friday, 28 March 2008 2:09 p.m.
Subject: Internet Payment Company Verification Code
Dear Internet Payment Company Customer,

Please REGISTER "Internet Payment Company Verification Code", this a security measure that will ensure that you are the only person with access to the account.

If your account is not REGISTER within 72h Internet Payment Company will remove the account for security reasons.

Please respond as soon as possible!

Thanks for your patience as we work together to protect your account.

The Internet Payment Company Team
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your Internet Payment Company account and choose the "Help" link in the header of any page.

Internet Payment Company Email ID IPC321

How to identify phishing bait emails

In the example above, there are certain clues to the fact that this is not from the genuine e-commerce site it pretends to be. Here are some of the giveaways.

  1. The request for confidential information
    The fact that the institution is actually asking for your highly sensitive account information is the biggest indicator. You should NEVER, NEVER be asked to verify your account access details by a bona fide banking, credit card or internet payment organisation.

  2. Phrasing and grammar
    Poor English and bad grammar, e.g. "If your account is not REGISTER within 72h." Many of these scams originate in non-English speaking countries, so the phrasing and sentence structure may be poorly constructed.

  3. False links
    The link that you are asked to reply to will most probably not take you to the address shown. If you hover your mouse over the top of the link without clicking, you should momentarily see the actual link site address (as we have tried to illustrate). If this is different from the shown address, then this is a dead giveaway. DO NOT visit this site! DO NOT give them any information.

    If you already have done so, contact your financial institution or e-commerce site immediately to seek their assistance in stopping your account being used fraudulently.

  4. The need for urgency
    The need to act urgently should always be treated suspiciously. Obviously one of the tactics the scammer uses is to get you to give them your information before you have time to think about your actions.

If you have any doubts about an email you appear to have received from an organisation, contact them via a secondary link like their website, rather than email reply or via the link specified in the email.

Forward them the email message in question and ask if it is genuine. You should almost certainly get an immediate response advising if it is a security threat or not.

"To be suspicious is not a fault. To be suspicious all the time without coming to a conclusion is the defect."
Lu Xun