Phishing involves an email message being sent out to as many Internet email addresses that a fraudster can obtain, claiming to come from a legitimate organisation such as a Bank, online payment service, online retailer or similar. The email requests the recipient to update or to verify their personal and financial information, including date of birth, login information, account details, credit card numbers, PIN numbers, etc. Some of the email messages include a threat that failure to update or validate will result in, for example, the account being frozen. The objective is to induce unsuspecting recipients, who happen to be customers of the legitimate organisation being intimidated, to respond to the email and to provide the information being requested.

The email will contain a link that takes you to a spoof web site that looks identical, or at least very similar, to an organisation's genuine site. In some cases, when the link in the email is clicked, the genuine site is accessed, but is overlaid with a smaller window with the spoof site, making it more believable. Clicking on a link may also download malicious software, known as "spyware" onto your computer which will record your use of the Internet and forward this information, and possibly a log of your keystrokes, to the fraudster. The fraudsters will use this financial information to compromise bank accounts, credit cards and other details.

To avoid getting phished: Please do not respond to email messages that request personal or financial information and never click on a link in such an email. We would not send unsolicited email messages asking our customers to update or verify their personal and security details. If you are in doubt about the legitimacy of the email, or if you think that you have been a victim of a phishing scam, you should contact the organisation in question immediately. You should, however, be careful to use the normal method you use to contact the organisation in question, rather than using any suggestions included in, or by responding to, the email.