Phishing is a relatively new security problem but it has been in the news a lot recently. It's really important that you know about phishing: what it is, how it's done, how you can avoid being caught out and what you can do if you think you've been a victim of it. Read this information carefully so you'll know how to protect yourself from phishing.
The important thing to remember is that we will never, ever send you an email or call you to ask you to verify your security details. Don't respond to these requests. If you want to forward an email to us that you suspect might be a phishing message, please send it to spoof@egg.com.
What is phishing?
Phishing is the criminal practice of obtaining security details such as passwords, credit card and bank account information by sending emails with 'spoof' website links. Usually businesses targeted in phishing emails are financial institutions, online payment services and auction sites. The phishers don't have access to the company's customer records and so these emails are sent to large numbers of people in the hope that they are customers of the company the phishers are purporting to be.
Phishing is mostly conducted by email but it can be in the form of phone calls too. Banks and financial organisations, including Egg, may contact you from time to time to discuss your accounts. If you are not sure a call is genuine, obtain the caller's details, politely terminate the call and ring the company yourself. They will be able to confirm if the call was from them. To find out more about genuine calls you might receive from Egg, take a look at our card and account security pages.
What do phishing emails look like?
You can see some examples of phishing emails purporting to be from Egg on the Bank Safe Online website. Take some time to look over these and familiarise yourself with the kind of emails phishers send.
Phishing emails usually claim that your security details need to be 'verified'. There will often be a time limit, eg "Your account will be suspended in 48 hours if you don't verify your details" to put pressure on you to click the link and submit security information.
When you click the link, the most usual deception is to send you to a website that looks like the Egg website but which is, in fact, a 'spoof' site. Sometimes phishers will direct you to the genuine site but then load a 'pop up' of their own over the top of it and you are asked to enter your security details into this pop up.
Phishing emails usually start with an impersonal greeting such as "Dear Valued Customer" or "Dear Egg Customer". However, they are becoming more sophisticated so they may use something more individual.
Generally the appearance of these emails is poor, although they sometimes use images from the genuine company website. They are often badly formatted with a mixture of font styles and sizes. The subject line and body of the email may contain spelling and grammatical errors. Letters may have been randomly capitalised in the subject line in an attempt to evade 'spam' filters, eg "URgent eGg SECURiTY update".
Phishers might use links such as www.eggcadr.com or websecurity@eegg.com to try to give the illusion of being genuinely from Egg. Often the domain name in the 'From' field is different from the link in the text of the email, eg the email is from security@secureegg.com but the website address is www.eggcadr.com/login. Look out, too, for emails where the text is actually an image as this is a crude way of disguising a phishing link.
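The warning signs described in the paragraphs above can be checked mechanically. The following is an added example, not Egg's own tooling: it flags a sender outside the genuine domain, a 'From' domain that differs from the link domain, random capitalisation in the subject, an impersonal greeting and 'verify' or deadline wording. The indicator names and the two-label domain reduction are assumptions, and the sample message is constructed from the examples quoted in the text.

```python
import re
from email import message_from_string
from email.utils import parseaddr

GENUINE_DOMAIN = "egg.com"  # domain of the spoof@egg.com address on this page
GENERIC_GREETINGS = ("dear valued customer", "dear egg customer")
PRESSURE = re.compile(r"\b(suspended|verify|verified)\b", re.I)
LINK = re.compile(r"https?://([^/\s\"'<>,)]+)|\b(www\.[^/\s\"'<>,)]+)", re.I)

# Constructed sample assembled from the examples quoted in the text above.
SAMPLE = (
    "From: security@secureegg.com\n"
    "Subject: URgent eGg SECURiTY update\n"
    "\n"
    "Dear Valued Customer,\n"
    "Your account will be suspended in 48 hours if you don't verify your details.\n"
    "Log in at www.eggcadr.com/login\n"
)

def registered_domain(host):
    # Assumption: keeping the last two labels is enough (true for .com, not .co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def mixed_case_words(subject):
    # Words such as "URgent" or "eGg": neither lower, UPPER nor Capitalised.
    words = re.findall(r"[A-Za-z]{3,}", subject)
    return [w for w in words if not (w.islower() or w.isupper() or w.istitle())]

def phishing_indicators(raw):
    # Assumption: a single-part plain-text message, so get_payload() is a str.
    msg = message_from_string(raw)
    body = msg.get_payload()
    address = parseaddr(msg.get("From", ""))[1]
    sender = registered_domain(address.rpartition("@")[2])
    links = {registered_domain(a or b) for a, b in LINK.findall(body)}
    found = []
    if sender != GENUINE_DOMAIN:
        found.append("sender-not-genuine-domain")
    if any(domain != sender for domain in links):
        found.append("from-link-mismatch")
    if mixed_case_words(msg.get("Subject", "")):
        found.append("random-capitalisation")
    if body.lower().lstrip().startswith(GENERIC_GREETINGS):
        found.append("impersonal-greeting")
    if PRESSURE.search(body):
        found.append("verify-or-deadline-pressure")
    return found

if __name__ == "__main__":
    for indicator in phishing_indicators(SAMPLE):
        print(indicator)
```

These are triage hints only: a message that raises none of them can still be a phish, which is why the advice to type the company's address into a new browser window still applies.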
If the email contains attachments, don't open them as they could contain a virus. There's more information about viruses on protecting yourself.
If you're in any doubt whatsoever about an email, open a new browser window and type in the URL of the company to reach their website. Remember that financial organisations will never ask for your security details to be verified in this fashion.
How do I deal with a suspicious email?
If you receive a suspicious email, forward it to us straightaway at spoof@egg.com. Don't reply to it, click on any links or open any attachments. Please don't alter the subject line or forward the message as an attachment as this will prevent us from investigating the email thoroughly. Once you've sent the email to us, delete it from your email account.
What do I do if I've given away my personal details?
Don't panic. Forward the email to spoof@egg.com. Run your antivirus software to make sure there are no trojans or viruses on your machine. Once that's completed you should change your passwords immediately for the accounts you have disclosed: you can do this online for your Egg accounts. Check your bank and credit card statements carefully for unusual transactions. If you have received a phishing email for a company other than Egg, have a look at their website or call them to find out what you should do.
Preventative measures
In addition to staying alert for suspicious emails, you can update your browser. The latest versions of the two most popular web browsers have been updated to include phishing detection features. Internet Explorer 7 includes a Phishing Filter which will display messages about suspicious websites and Firefox 2 has Phishing Protection. Both browsers can be configured to regularly update their lists of known phishing sites automatically.