The following information is intended to address any general concerns clients may have around the security of online enquiries and transactions.
OnePath makes every effort to ensure optimal security of your data and any transactions at all times; clearly, protecting our clients is also good business for us. However, there are still some inherent risks in passing information and transacting online. You also need to take some action to protect yourself. The following information is designed to help you do this.
Phishing refers to the online fraud technique of sending official-looking email messages with return addresses, links and branding, all of which appear to have come from legitimate banks, retailers, credit card companies, etc. Such emails typically contain a hyperlink to a spoof website where account holders are misled into entering their customer names and security details on the pretence that these security details must be updated or changed. Once this information is given, it can then be used on legitimate sites to take your money.
It is important that you are suspicious of any emails asking for your account information and think very carefully before meeting such requests; see more on OnePath's standard email practices below.
OnePath monitors the internet to find imitation websites, which is often the first step made by phishers. We then work with the appropriate authorities to have these websites closed down as quickly as possible.
You may already have heard of 'advanced fee fraud', where emails offering large sums of money are sent to thousands of email addresses, with a modest 'fee' required in order to cover legal fees, open an account or pay customs charges. Sometimes the money offered is as a result of a lottery for which you have never bought a ticket. Sometimes the money is held in an account overseas but the account owner cannot access it. They promise a percentage of the money in return for your help. In both cases, various fees have to be paid.
Do not respond to these emails. They are a fraudulent and you will not receive any of the promised money.
Trojans are software programs that disguise themselves as an application on an individual's computer. This type of program does not replicate itself like a virus or worm, but it can be just as harmful. For example, one known Trojan horse promotes the idea it will attempt to remove viruses from a computer. However, instead of removing them, it infects the computer further.
OnePath may on occasion communicate with clients by email to the email address last notified to it. So how can you tell if an email is genuinely from us or if it is fraudulent?
The following are steps you can take to make sure the site you are entering really belongs to OnePath, and is a secure site.
The URL (address) will begin with https://
If https, the secure lock icon, a small padlock, will appear on the lower bar of the browser.
Click on the padlock icon to see the details of the security certificate. The certificate shows who owns the site; it should be OnePath. Check that the details and validity are correct.
We work with well-known certification authorities such as Verisign, GlobalSign and Thawte.
If you have any doubts about a website, please contact OnePath.
Your account numbers, customer number, PIN, memorable date and customer identification number are the 'keys' to your account. Never write them down, give them to anyone else or include them in an email. Remember that protecting your customer number, PIN and security details is your responsibility.
The Anti-Phishing Working Group provides statistics on phishing attacks and advice for individuals and companies.
For more information, please contact OnePath.