CBZ Bank was forced to issue out a notice telling its valued clients to ignore an email that was doing the rounds claiming to be from the bank.
The email, which some would dismiss as bogus without the slightest hesitation was convincing and it was easy for some to fall for it. The email is a classic phishing email meant to get users’ bank account information. If you need help in identifying the real from the fake, read on.
Here is the important notice from CBZ,
How do phishing scams work?
It is not just emails, phishing scams can be via text messages or even phone calls. The end goal for the scammers is to get your account information so that they can gain access to that account and help themselves to your money. They may pretend to be any organisation, from insurance company to government department. They want your information, bank account information, personal details, passwords and everything else they can get.
If it is an email like in CBZ’s case, it will look like a genuine email from the bank. The logo, the message format and the web address all look to be the real thing.
There will usually be a link to a fake website which again will imitate the real one.
So what then should you look out for?
- Check that the web address is exactly as it should be. You may need to contact your bank (or any other institution) if you are not sure. For example with CBZ, instead of cbzbank.co.zw which is the correct one, it might say cdzbank.co.zw or something else meant to fool you if you are not paying attention.
- If it contains a link to a website where you are asked to enter in bank account information be very wary.
- It will usually say your details are needed for security or maintenance reasons like in the fake CBZ email above.
- If it says you are due to receive a refund for a fee you were mistakenly charged do not believe. Old wisdom applies online, if it’s too good to be true…
- The email or text will usually not address you by your name. It will just say ‘valued customer’ like in CBZ’s case. Take it as a warning sign if you are not addressed by your full name.
- If it is a survey that offers monetary reward for filling it out be wary.
- You will of course need to look out for spelling or grammatical errors. If those are there you can almost be certain it is not from the bank.
What can you do to protect yourself?
You might want to make it a habit of calling the bank if you are not sure about any electronic communication you get from them if you are not sure it is authentic. There is no shame in that. It is better to spend a few cents calling the bank than to have your bank account cleared out by scammers.
Another golden rule is to NOT click on links you get in emails or texts. Type the address out yourself. You could also copy the link and paste it in your address bar but don’t go to the site, just make sure the address is correct.
- Do NOT give out personal or bank account information via email or text
- Do NOT open suspicious emails
- Do NOT open attachments or click on links in suspicious emails
- If you receive a call from a bank for example, do not give them any personal or account information unless you are absolutely sure it is them. Prefer rather to call yourself if you are going to be divulging that kind of information.
You might want to read up more on how to protect yourself from phishing scams. If so click here. It is safe to click that link, it leads to an article on The Guardian on the same subject.
You might also want to read on how to shop safely on BeForward, some other tips on security online are shared there.