Protecting against Phishing Attacks

Preventive Measures

Do not follow URL links from untrusted sources or emails, such as spam emails, to avoid being redirected to malicious websites by links that look legitimate.
Do not visit suspicious websites or follow the links provided in those websites.
Do not follow links from search engine results to log on to banking or financial organisations.
Open email attachments with extreme care. Always check the attachment's extension. Never open attachments with a ".pif", ".exe", ".bat" or ".vbs" extension.
Type the URL manually or follow the bookmarks you have made previously when visiting websites.
Avoid conducting online banking or financial enquiries/transactions from public or unsecured terminals, such as those in cafes or libraries. Hacking tools or malware may be installed on these public terminals.
Do not open other Internet browser sessions or access other websites while you are performing online financial transactions/enquiries through the Internet. Remember to print or keep a copy of the transaction record or confirmation notice for checking.
Always be wary when giving out sensitive personal or account information. Banks and financial institutions seldom ask for your personal or account information through email. Consult the relevant organisation if in doubt.
Always ensure that your computer has the latest security patches applied and runs anti-malware software with up-to-date definition files, to reduce the chance of being affected by fraudulent emails or websites that exploit software vulnerabilities. This also helps to protect your computer from other security or malware attacks.
Consider using desktop spam-filtering products to help detect and block scam emails, but beware of false alarms. It is recommended to learn the technical skills needed to deploy these products effectively.
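
The attachment-extension check advised above can be automated on a saved message. The following is an added example, not part of the original advisory: it reads the extension the operating system would act on, so a name such as "Invoice.pdf.EXE" is still caught. The function names and the sample message are constructed for illustration, and the blocklist holds only the four extensions named above.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# The four extensions named in the advice above; extend to suit local policy.
BLOCKED = {"pif", "exe", "bat", "vbs"}

def split_name(filename):
    """Return (stem, extension) as the operating system would see them."""
    # Drop any path, then the trailing dots and spaces that Windows ignores.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    stem, dot, ext = name.rpartition(".")
    return (stem, ext.lower()) if dot else (name, "")

def risky_attachments(raw_message):
    """Return (filename, extension, disguised) for each blocked attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()  # name declared in the MIME headers
        if not filename:
            continue
        stem, ext = split_name(filename)
        if ext in BLOCKED:
            # "Invoice.pdf.EXE" shows a harmless-looking ".pdf" before the real one.
            findings.append((filename, ext, "." in stem))
    return findings

def build_sample():
    """Constructed message for the demonstration; not a real phishing email."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Your statement"
    msg.set_content("Please see the attached files.")
    for name in ("statement.pdf", "Invoice.pdf.EXE", "update.bat"):
        msg.add_attachment(b"sample", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, ext, disguised in risky_attachments(build_sample()):
        note = " (hidden behind a second extension)" if disguised else ""
        print(f"do not open: {filename} [.{ext}]{note}")
```

An extension check of this kind only supplements the other measures in this list; an attachment with an extension outside the blocklist is not thereby safe to open.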

Detective Measures

Review your credit card or bank account statements as soon as you receive them to check for any unauthorised transactions or payments.
Log into your accounts regularly to check the account status and last login time to determine whether there is any suspicious activity.
Verify the legitimacy of the website of an organisation such as banks by contacting the organisation through its address or telephone number.

Responsive Measures

Change the password immediately if you suspect that you have already been defrauded (e.g. responded to phishing emails or supplied your personal/financial information to fraudulent websites). Check your account status and contact the relevant organisation and/or report to the police immediately.
Send the phishing emails to the relevant organisation and/or the police for their investigation.