How does online fraud happen?
So-called online scams are on the rise.
The fraudulent theft of confidential codes, unauthorized access, payments of money to non-existent companies or organizations are the most common consequences of this kind of phenomenon.
Most of the time, online scams involve emails or SMSs that look like they are from reliable sources as they include logos for well-known companies, banks or even public bodies.
This phenomenon is better known as phishing and, like all electronic fraud, works insidiously and is often hard to detect, especially if you are not aware of how the scammers operate.
There are, however, certain characteristics which make it possible to identify when a message or request is illegal and alert potential victims.
Recognizing a phishing email is the first step in defending yourself against online scams.
The alarm bells that should warn you that something's not right
Emails that suggest you need to act quickly or make you feel anxious
Phishing emails often contain messages designed to trigger a sense of urgency, anxiety or excitement in the customer, urging them to act quickly.
The most common include:
- A service is about to expire;
- A warning about a missing payment;
- A bank account is being closed;
- You have won a prize.
So you should be wary of messages where even the subject line includes exclamation marks, words in capitals, an urgent invitation or even an order to take action.
Emails asking for personal details or payments
Phishing emails almost always contain an invitation to act and, in most cases, request sensitive information such as passwords, usernames, bank account details or even credit card numbers.
Remember: no banking institution, company or manager will ask for sensitive data in an email, so watch out if this happens.
Emails containing mistakes
Although the content and form of phishing emails are increasingly accurate, they often contain grammatical, spelling or syntax errors that might arouse suspicion.
A strange tone in the wording and the form of the email is enough to trigger alarm bells.
Unexpected emails
If you have not recently made a payment, if you do not have any services due to expire, or you are not expecting a prize, watch out for emails that suggest checks or actions related to such events. Scammers can actually predict which messages might be of interest to you, but not when to send them.
If you have any doubts, check a reliable source first to see if the email is legitimate.
A telephone call to your bank or the company that actually provides the service or checking your online account might be enough to give you the answers you are looking for.
Emails with suspicious or unexpected attachments
If, in addition to receiving unexpected emails, they also have attachments, you should be even more careful.
If this happens, it's always a good idea not to download or open attachments, especially if they are .exe, .vsb, .js, or .bat files.
Phishers often use fraudulent email attachments to send malware or viruses, a phenomenon known as "malspam".
Emails sent from an unknown real sender
Even if you are familiar with the apparent sender of the message, it is always a good idea to check the email header.
All you need to do is open the message and check the additional information about the message sender
It's usually quite clear how to view the details (sometimes there are arrows to expand the sender's details, or links to more details or message properties).
So check to see who the real sender of the email is: if you don't recognize them, it could well be a phishing email.
Emails with suspicious addresses and links
Very often in phishing emails there are buttons that take you to pages that look very similar or the same as those of the company or service behind which the person responsible for sending the phishing email is hiding. These are actually fake pages, and the most common method used to steal information is to ask you to enter details in the required fields.
To check if the web address is secure, all you have to do is hover over the button or the words for the link with your mouse – without clicking on it. The full address of the page to which the link is directed will appear next to the curser or at the bottom of the page.
Within an address like: https://www.websitename.ext/pagename it is very important that you check the www.websitename.ext part: scammers often use similar names to the companies or websites that they are hiding behind to deceive the customer.
Have you received any suspicious emails? Find out more
Check your online account
Especially if the email you received concerns a payment that has been denied, renewing a service or incorrect invoices, before you click on anything in the email or follow any instructions, sign in to your account to check your orders or services.
For example, if you get an email saying that your Aruba services have not been renewed, sign in to your personal customer area to check the status of your orders, payments or active services.
If there aren't any notifications, status messages or evidence suggesting that the email might have been sent, it is definitely a phishing attempt.
Check aruba's "announcements" page
Nobody is immune from phishing attempts, not even Aruba, and email scammers frequently use our name and the graphics of our messages to carry out phishing campaigns on our customers.
To help our customers, we monitor and map the emails concerning us that we know to be phishing emails on a special page.
To check if the email that you have received is a phishing attempt that we have mapped, enter the text of the subject line in the search bar, or have a look at what we have already posted.
Check an email
Report new suspicious messages
If you have received a suspicious email that looks like it is from Aruba but it is not already in our archive, you can submit a report via our page.
This means not only that your suspicions can be confirmed, but you will also help us keep our list up to date, preventing other customers from being tricked by the same message.
Report an email
Worried you've been a victim of a phishing attempt? Here's what you need to do
Unfortunately, it's not always possible to notice a scam and so we fall into the phishing trap. If this happens, it's a good idea to try to resolve it as quickly as possible by following a few simple steps that might help mitigate the effects of the scam:
- Change your password: if an online portal has been accessed without your authorization, you must change your password immediately, keeping in mind some simple rules:
- Use a different password for every website or service (for example, don't use the same password for your email account and for your online banking).
- If possible, use password phrases: short alphanumeric phrases that are easy to remember, but be careful not to use personal or work details (for example: PaSSW0rd$icur4! but not MarioRossi1965)
- Change your passwords regularly and, if you have difficulty remembering or generating secure passwords, rely on a password manager: simple software that can be downloaded from the Internet to create and manage your login details securely.
- Inform the relevant authorities, for example, the police.
- If you have opened a suspicious attachment and your workstation has been infected with malware contained in the phishing emails, it is a good idea to act as quickly as possible, by carrying out an antivirus and antimalware scan with up-to-date softwarefrom reliable sources.
- Inform the companies or organizations that the phisher has hidden behind to scam you. This means that they can take action, tackle the scam and prevent others from being affected.
- Contact your bank. If your bank details have been stolen, it is a good idea to block the services involved in the scam (credit card, current accounts, debit card).
Phishing at a glance:
recognize it, find out more, report and protect yourself
Aruba's commitment to protecting your security
The security of our customers' data is a priority for us.
This is why we work so hard, day in, day out, to guarantee this using our facilities and our constant technical improvements, as well as through information campaigns that help our customers understand the value of data protection and help to maintain its high levels.
How we protect your security
A dedicated area to report the misuse of the Internet
In our effort to combat online fraud, we have dedicated a specific area of the support portal to identifying and archiving all online fraud attempts made in our name, making it easier to detect fraud attempts. In addition, our customers can report abuse, phishing emails or other violations that relate to us, via a dedicated page, ensuring productive cooperation between us.
Check the announcements