Information Security

Summary (FYI peeps)

Employees at numerous Shell locations have received "spoofed" (forged) emails in recent weeks which pretend to be from a financial institution such as a bank or from an online service provider such as AOL or eBay, stating that there has been a billing problem with the recipient's account and requesting the recipient to click on a link to go to a website in order to sort it out.

The email often states that the account will be suspended if this is not done.

The website that the link takes you to is also spoofed. It generally asks for personal details to be entered, such as name, address, date of birth, account numbers and even PIN codes.

The emails are carefully crafted and often carry the genuine logo of the organisation concerned, stolen from its own website. They are designed to fool people into responding to them.

The emails are sent randomly, with no attempt to check that the recipient uses the organisation that the email pretends to come from.

This activity is known as "phishing" and its aim is to acquire details of people's personal financial data so that those behind the scam can access those accounts.

Experts estimate that up to 5% of people respond to these emails, risking unauthorised access to their bank account and sometimes identity theft.