The Cabinet Office is reminding members of the public to stay safe online – particularly when asked to disclose personal information such as user names and passwords.
This advice follows a recent email received by a number of Isle of Man-based email accounts which purported to be from the Isle of Man Government. Recipients were encouraged to retrieve a message by logging on to a specific address that was not a legitimate site.
This process, known as “phishing” is unfortunately not unusual and people are reminded to exercise vigilance when opening email attachments or clicking on links in email attachments from unknown sources.
Phishing emails generally encourage recipients to click on a link within the message which takes them to a fraudulent website that looks similar to a valid site in an attempt to harvest user identities and passwords.
In this case although the sender’s email address appeared to be from “gov.im”, the actual message was not personalised and contained poor grammar. It also included a link which although at first glance looked like “gov.im”, hovering the mouse over it revealed it was actually that of a US educational establishment – a site which was swiftly removed once the phishing attempt was reported.
As a general principle, the public are reminded that when accessing services over the internet they should not disclose user identity and password information unless they are confident they are accessing the correct service. People are also urged to be on the lookout for suspicious emails.
Links in emails which ask for such information should not be followed unless people are sure they are from a genuine source. If in any doubt it is best to use a fresh and direct login to the service in question.
Government online services have been designed with security foremost in mind and offer a multi-level access control to defeat such fraud attacks.
This means that even if fraudsters were able to harvest one element of the login credentials through such a phishing attempt, further pieces of information are required which are known only to the account holder.
This process of “two-factor authentication” is commonplace across secure services and provides a further level of protection against unauthorised access.
If you suspect at any time you may have inadvertently submitted your details to a phishing site, you are encouraged to visit the service in question to change your credentials directly, as well as any other service which might use some of the same credentials.
Further advice and information to help keep you safe online can be found on the Government’s website at http://www.gov.im/get_safe_online