06 May 2013

Be Vigilant against Phishing Schemes

0 Comment

Tech Tip:

Be Vigilant against Phishing Schemes

Con artists have been around since the beginning of time and, with the Internet age upon us, online fraud is on the rise with techniques for getting your information becoming more creative every day.

Phishing is an online fraud technique used to entice you to disclose your personal information. It includes email and web sites that mimic well-known and trusted brands you use. Typically, you will be sent a fake message resembling a valid message from a well-known source, such as your bank, Ebay, FedEx/UPS or your credit card company. Phishers have become very sophisticated when it comes to creating these links – to the point where it is virtually impossible for the average person to determine if the link is legitimate or not. Rather than clicking on a link, the BMS Hardware team recommends that you type in the website address (URL) that you know is correct for that organization into your browser. Also you can save the correct URL as a favorite in your browser. Do not copy and paste URLs from messages into your browser.

Some of the techniques that criminals have used in the past to disguise harmful links include:

  • Transactional messages from institutions that you may or may not work with. As you can see it was sent from a banking institution with a link to direct you to that account. Instead of clicking through call the “Electronic Payments Association” directly to verify authenticity. It’s always better to be safe than sorry.


Please note: You will never receive these types of emails from Rabobank or the BMS Banking Center. All transactions are conducted through the BMS Software.

  • In HTML formatted messages, the link you are directed to click on takes you takes you to another, usually malicious, website. In your email client, you can hover your mouse pointer over the link to reveal where that link is actually going to take you. If the URL is different than what you expect…be suspicious!

P_ex1Hovering over a link with the mouse pointer reveals the actual URL where a user will be directed.

  • Text in an email message is sent as an image. Spammers do this in order to avoid spam filters. The entire message body is a hyperlink and can be detected by hovering the mouse pointer over the message body where the pointer will become a hand instead of an arrow. You will also not be able to select any of the text since the text is really an image.


Many of these malicious phishing emails also include viruses, that you don’t automatically see, and are downloaded to your computer. The virus will become active when you shut down then reboot or restart your system. For this reason, the Hardware team asks that you never open emails from senders that you do not expect to receive email correspondence from and you should never click on the links. Most email clients will let you preview emails before opening the message – you can quickly see if the message is something you should view in more detail or delete.

Even though your BMS systems have anti-virus software installed, if you feel you have accidently downloaded a virus, call the BMS Hardware Support team immediately. The BMS Hardware Support team can scan and detect any viruses you may have mistakenly downloaded.

With these types of phishing schemes becoming more prevalent, we have compiled a list of common themes as well as what to do when dealing with fraudulent activity:

  • Requests for personal information. Reputable banks and financial institutions will never ask for your account numbers, pins or passwords by email. You should never email your password or any other private information (e.g. credit card number, driver’s license number, bank account information or social security number).
  • Alternate phone number for a reputable institution. Never contact a bank, credit card company, or other business using the phone number provided in an email or recorded in a phone message. Many scam artists and identity thieves send messages that look or sound official, purporting to be from a reputable business or organization, seeking account or other personal information from you. Don’t trust this type of message – look up phone numbers of your bank and other organizations in a phone directory, their website or other official source.
  • Viruses embedded in email. Don’t open attachments or click on websites in unsolicited emails from sent or unknown sources
  • Non-secured web page used to request credit card or other personal information. Make sure Web sites use encryption. A secured web page starts with https:// (note the “S” for “Secure”) and will display a lock on the browser frame.P_ex4
  • Protect your PC with firewalls and updated antivirus software and anti-spy software, especially if you connect to the Internet. BMS-issued computers are already set up with the latest protocols to protect your computer; however, if your office has other equipment, you should make sure all computers are configured appropriately to fend off attacks on your personal information.

If you have any questions regarding phishing schemes and viruses, please contact the BMS Hardware Support team via email or call 800-634-7734 ext. 6.