Security Centre Articles

Friend or Phish?

You've probably heard about identity theft - people stealing other people's personal information to use for illegal purposes. In a new scheme called "phishing", ID thieves trick people into providing their credit card numbers, PINs, passwords, account data, or other personal information by pretending to be someone they're not.

A deceptive scam designed to steal your valuable personal data, the term phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users' financial information and password data. Con artists might send millions of fraudulent e-mail messages that appear to come from websites you trust, like your bank or credit card company, and request that you provide personal information.

As these scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows. They often include official-looking logos from real organisations and other identifying information taken directly from legitimate websites.

How to tell if an e-mail message is fraudulent?
While online banking and e-commerce is very safe, as a general rule you should be careful about giving out your personal financial information over the Internet.

Here are a few phrases to look for if you think an e-mail message is a phishing scam:

"Verify your account."
Businesses should not ask you to send passwords, login names, or other personal information through e-mail. If you receive an e-mail from any bank asking you to update your credit card information, do not respond: This is a phishing scam.

"If you don't respond within 48 hours, your account will be closed."
These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail might even claim that your response is required because your account might have been compromised.

"Dear Valued Customer."
Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.

"Click the link below to gain access to your account."
HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a website. The links that you are urged to click may contain all or part of a real company's name and are usually "masked", meaning that the link you see does not take you to that address but somewhere different, usually a phony website.

Con artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters. For example, the URL "" could appear instead as:

We, at Republic Bank Group are concerned about your security. Our Group serves many people throughout Trinidad and Tobago and the wider Caribbean and our customers choose us as providers of sound, secure and solid financial services. Our strength is built on confidence because we continue to deliver security in every facet of our business. We are committed to providing a secure banking environment for our customers and we want to share some helpful hints and tips with you. When followed, these tips will help to reduce the cost of fraud to all and provide peace of mind when conducting your banking.

  • Watch out for "phishy" emails. If you receive an unexpected e-mail saying your account will be shut down unless you confirm your billing information, an order for something has been placed in your name, or your information has been lost because of a computer problem, do not reply or click any links in the e-mail body.

  • Before submitting financial information through the website, make sure that the domain is Click on the padlock/security report to verify that the certificate matches the site ( If the information is different, close the browser and delete the email. See screenshots below:

  • If you are uncertain about the information, contact the company through an address or telephone number you know to be genuine.

  • Be suspicious if someone contacts you unexpectedly and asks for your personal information. It's hard to tell whether something is legitimate by looking at an email or a Web site, or talking to someone on the phone. But if you're contacted out of the blue and asked for your personal information, it's a warning sign that something is "phishy." Legitimate companies and agencies don't operate that way.

  • If you unknowingly supplied personal or financial information, act immediately and contact your bank.

  • Beware of"pharming". In this latest version of online ID theft, a virus or malicious programme is secretly planted in your computer and hijacks your Web browser. When you type in the address of a legitimate Web site, you're taken to a fake copy of the site without realising it. Any personal information you provide at the phony site, such as your password or account number, can be stolen and fraudulently used.

  • Protect your computer with spam filters, anti-virus and anti-spyware software, and a firewall, and keep them up to date. A spam filter can help reduce the number of phishing emails you get. Anti-virus software, which scans incoming messages for troublesome files, and anti-spyware software, which looks for programmes that have been installed on your computer and track your online activities without your knowledge, can protect you against pharming and other techniques that phishers use.

You can contact Republic Bank's Call Centre to report any suspicious activity or to simply get information or guidance. You can reach our Call Centre at 471-555 or send an e-mail to: