How to avoid the latest online scams
Current Issues | Owner-managed businesses | 3rd August 2016
We've probably all received scam emails at some point in our lives. The classic 'dodgy' email inviting us to share our bank details to facilitate a substantial money transfer relating to the estate of a recently deceased multi-millionaire in some remote country is something most people will be familiar with. But as most people have wised up to these scams, the tactics of cyber criminals have evolved.
The principles of cyber security remain the same, but the scams have become increasingly sophisticated. Most phishing attacks are based on gaining the email recipient's trust and can be very convincing, compared to the more old school hoaxes concocted around tales of tragedy and woe.
Cyber attacks these days are more likely to be targeted directly at you, using your name, often claiming to be from a service provider you deal with regularly. Hoax emails saying there's a problem with your account are often cleverly dressed up to look as though they come from a legitimate organisation such as your bank, online stores, payment providers, IT support or even HM Revenue & Customs. They'll often include a clickable link asking you to provide your account information and password.
If you don't have an established relationship with the purported organisation you'll probably recognise these emails for what they are and delete them immediately. But it's easy to be fooled into opening an email if it looks like it's from a service provider you use. Even when alarm bells are ringing, people will sometimes be tempted to click on a link to have a quick look. Even if you stop right there, just clicking on a link can open the gateway to costly computer viruses.
So its important to be wary of any unsolicited contact. It's highly unlikely that genuine, reputable companies would ever contact you in this way and ask for sensitive information in a non-encrypted way.
The 'internal' email
Online frauds in the workplace often begin with an email from a fraudster pretending to be a senior figure in the company to a member of staff in the finance department.
They will be told that they need to quickly transfer money to a certain bank account for a specific reason. Businesses should be on high alert to this and remind their employees to double check everything, especially when it involves transferring lareg sums of money - even when it looks like the head of the company has told them to do so.
Fighting online fraud
Here are five top tips to help you avoid getting caught out:
- If you receive an email from what appears to be your bank asking for confidential personal information, never click through the links provided and do what is requested. Instead, contact your bank directly or go through your usual online banking portal. Likewise for payment providers and other online portals.
- Don't ever click on a link in a suspicious email message. If you want to check it, then manually type the web address into your browser. For a website address to be secure - like your bank - it should begin with "https://".
- If you really aren't sure and want to check whether an email is genuine, use a free programme such as https://10minutemail.com. It creates a new email address that lasts for exactly ten minutes. This is a great way to beat spam.
- Watch out for incorrect use of English. Many of these scams are put together using online translation tools, so they often don't make perfect sense when read carefully.
- Educate yourself about cyber security and review your business or personal desktop security settings and software.
If you recognise a scam attempt or believe you're a victim of online scammers, contact http://www.actionfraud.police.uk/.
If you have further questions or need help with cyber security, please speak to your usual Shipleys contact who can put you in touch with specialist providers, or read the Comparitech guide to online scams.
Specific advice should be obtained before taking action, or refraining from taking action, on the basis of this information.