Reserve Bank of Vanuatu : Email Phishing, Scam

RBV Phishing scam
Phishing is a technique used by fraudsters to obtain personal information to commit identity theft by getting you to reveal your personal information as credit card numbers, bank information or password, in order to steal your money. This technique is usually used on websites and organization that pretend to be legitimate.

How to spot a phishing email?

  • Unusual button, attachment in an email

Be suspicious of emails that claim you need to click on a button or open an attachment immediately. Usually they inform you that need to claim a reward or avoid a penalty, creating the sense of urgency to trick you to act immediately without second thought. Whenever you see a message asking for immediate action, take a moment and consider the message carefully. Are you sure it’s genuine? Slow down and be careful.
  • New or infrequent senders

While receiving an email from someone for the first time is not unusual, especially if they are outside your organization, it may be a sign of phishing. Take a moment to examine the content of the email form a sender you do not recognize before you proceed.
  • Bad spelling and grammar

Professional companies ensure to provide high-quality and professional contents. If an email has obvious grammatical and spelling errors, it might be a scam.
  • Mismatched email domains

If you received an email from what seems to be a legitimate company domain such as a bank or EBS (someone@bred.vu or someone@ebs-vanuatu.com) when in fact, it has been sent form a another domain like Gmail.com or bredbank.ru, it is probably a scam. Be watchful for very subtle misspelling of the legitimate domain name; e.g brecl.vu for bred.vu . Verify the sender’s email address before you respond.
  • Suspicious links or attachments

Whenever you doubt that an email is genuine and that it is most like to be a scam, do not open any link or attachment. Verify the sender’s email address for any mismatch domain names. Also move your mouse over the link, without clicking, to see if the address matches the link that was entered in the message. if there is a mismatch, it is a scam.

What to do if you receive a phishing email?

    • Never click on any link, button, attachments in suspicious emails. If you worried that the email might be legitimate, visit the company website and contact them using the contact details visible on the website, or send them a message from their website via the contact form.
    • If you receive a suspicious email from someone you know personally, contact that person via other means to confirm it.
    • Report the email as scam and block the senders
    • Delete the email.

If you want to prevent these incident to happen in your organization, please contact us. Our team will help you secured your network.