The latest internet-based fraud is called phishing: it consists of sending people email that requests sensitive information.
The mechanism is simple: an email that appears to come from a bank or a credit card company is sent to unsuspecting individuals, asking them to confirm (by following a link in the email) their password, PIN and any other user access or account information in order to "re-validate" the access data, supposedly because of a glitch in the system.
When the user logs in on the "fake" bank site, his/her access information is stolen and then used to access the account.
The way to protect yourself is relatively simple if you know that:
- banks and financial institutions never ask for passwords or credit card numbers (unless it is related to a specific online payment that the client has initiated)
- you should never reply to email requesting personal data like PIN, password, etc. In case of doubt, call the financial institution directly
- it is a fraud, especially if the email has an intimidating tone, such as threatening to close your account if there is no reply, or if it contains spelling mistakes and sentences with poor grammar
- if an email asks you to enter your data, NEVER use the link proposed in the email, but ALWAYS log onto your financial institution's site starting from its homepage. Quite often the link leads to an imitation of the site that is graphically indistinguishable from the real one.
- long addresses with unusual characters should arouse your suspicion
- when entering your data, make sure the address is protected by a cryptographic certificate (recognizable by the lock sign and by "https" instead of only "http" in the address).
- best of all, check your credit card and account transactions regularly to find out whether any unusual expenses are recorded.
If in any doubt, contact the bank or financial institution immediately.
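
The link-related warning signs in the list above (a link that does not lead to the institution's real site, no "https", long addresses with unusual characters) can also be checked automatically. The following is an added example, not part of the original article; the trusted hostname, the length cut-off, the reading of "unusual characters" and the sample message are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hostname of the institution's real homepage, as typed by the user.
TRUSTED_HOSTS = {"www.examplebank.test"}
MAX_URL_LENGTH = 75  # assumed cut-off for a "long" address

def check_link(url, trusted_hosts=TRUSTED_HOSTS):
    """Return the list of warning signs found in one link from an email."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        warnings.append("no-https")
    if host not in trusted_hosts:
        warnings.append("host-not-trusted")
    if len(url) > MAX_URL_LENGTH:
        warnings.append("long-address")
    # Assumed reading of "unusual characters": user info placed before the
    # real host ("@") or percent-encoded characters.
    if "@" in parts.netloc or "%" in url:
        warnings.append("unusual-characters")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        warnings.append("ip-address-host")
    return warnings

def scan_email(body, trusted_hosts=TRUSTED_HOSTS):
    """Map every http(s) link in an email body to its warning signs."""
    links = re.findall(r"https?://[^\s<>\"']+", body)
    return {link: check_link(link, trusted_hosts) for link in links}

# Constructed sample message (not a real email).
SAMPLE_EMAIL = """Dear customer, due to a glitch in the system you must
re-validate your access data or your account will be closed:
http://www.examplebank.test@203.0.113.7/confirm?acct=%31%32
"""

if __name__ == "__main__":
    for link, signs in scan_email(SAMPLE_EMAIL).items():
        print(link, "->", ", ".join(signs) or "no warning signs")
```

The host check is kept separate from the "https" check because an imitation site can have its own certificate and lock sign while still sitting on a different host.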