Think Twice Before You Act
15 January 2016
- Over a quarter of victims of online crime have been scammed by phishing emails or phone calls
- Over three quarters of all reported phishing incidents happen via email
This week, Get Safe Online in partnership with Barclays, NatWest, Royal Bank of Scotland, Lloyds, Halifax, Bank of Scotland, City of London Police (COLP), Cifas and Financial Fraud Action UK (FFAUK) has launched a new advertising campaign warning the UK public about the dangers of ‘social engineering’ as reported figures from the NFIB show incidents have risen by 21% in 12 months. Get Safe Online, along with its partners, is urging people to ‘Think Twice Before You Act’ to stop more people falling victim to social engineering fraud.
Social engineering is an extremely targeted type of scam where fraudsters manipulate their victims into sharing confidential information. This can happen through fake emails, phone calls, texts or posts (and even leaving a malware-infected USB stick lying around), and frequently involves piecing together information from various sources such as social media and intercepted correspondence to appear convincing and trustworthy. The often complex nature of the attack makes it extremely difficult to spot a scam before it is too late.
Social engineering on the rise
There’s no doubt that cybercriminals have become more and more sophisticated in their attacks and this is particularly evident in new figures from Action Fraud, which show the number of reported phishing scams reported between November 2014 – October 2015 totalling 95,556. This represents a 21% increase over the same period the previous year[1].
This is further supported by research from Get Safe Online, revealing that over a quarter (26%) of victims of online crime have been scammed by these types of social engineering emails or phone calls. In addition, over a fifth of people (22%) said they are most concerned about this sort of online crime.
Interestingly, the research from Action Fraud found that the reported incidents of phishing scams peaked on 21st October – the day of the TalkTalk data breach. This highlights people’s increasing fear surrounding these kinds of attacks, particularly in light of this and the other high profile breaches that took place last year.
Tony Neate, CEO, Get Safe Online said:
“Social engineering is becoming ever more targeted and personal, which is why it’s no surprise that the number of cases is on the rise. What’s worrying, however, is the complex nature of these scams and how they tap perfectly into feelings that make us panic - if we get an email purporting to come from someone we trust (such as our bank) about something that is emotive to us all (money) and then demand that we act urgently, it’s almost like the perfect storm. That’s why we’re so pleased to be teaming up with the banks, City of London Police, CIFAS and FFAUK to encourage people to think twice before they act and not to let panic override common sense.
“We also advise that people make sure they have strong passwords or PINs to secure devices, as well as making sure all software and apps are up-to-date. If you do have suspicions regarding an approach, it’s always better to be safe than sorry, so trust your instincts and double-check the person is who they say they are before handing over any information. This way, we can stay one step ahead and stop more people from falling prey to an online criminal.”
How are we being targeted?
In terms of the most popular channels for phishing, email comes out top, accounting for over three quarters (77%) of all reported incidents. This is followed by phone calls, which accounted for one in ten (12%) incidents.
The top five channels for social engineering scams are:
- Email;
- Landline phone calls;
- Text message;
- Mobile phone call;
- Post.
Commander Chris Greany from the City of London Police said:
“Social engineering is increasingly being used by criminals to prey on people’s personal and financial information. Almost everyone is able to identify a time when they have received correspondence from someone, whether it be by email, post or on a phone call, who is looking to convince them to part with their details. Fraudsters are using ever more sophisticated methods to gain personal information and these types of attempts have often left victims penniless.
“We urge everyone who receives unsolicited phone calls, texts, emails or letters to ignore them and never enter into conversation with someone that you don’t know online or over the phone. If you’re contacted in this way, it is likely that you’re being targeted by a fraudster who is simply looking for ways to exploit your personal and financial details”.
What angles are these scams taking?
How are these fraudsters disguising their attacks? According to the research, the most popular angles and guises for phishing scams include pretending to be from BT, iTunes/Apple ID, HRMC, a lottery organiser, PayPal, a bank or Amazon. The most common relate to BT and iTunes.
Top 11 themes for phishing scams (in order):
Theme of Phishing Campaign
|
BT account update
|
iTunes invoice
|
HMRC tax refund scam
|
Tesco vouchers, Apple ID, accident injury claim and other
|
Document attachment
|
False invoice
|
Itinerary attachment
|
Suspended credit card account
|
Suspended Tesco Bank account
|
Sky services upgrade
|
Blocked Barclaycard
|
In addition, over a quarter (29%) of all reported phishing emails contained a potentially malicious link which when clicked, could deliver malware to a victim’s computer or request their personal details. 17% of phishing emails requested a reply and a further 15% requested personal information. Although interestingly, emails with malicious links are decreasing and in fact, requests for money transfers are on the rise. This shows how the nature of these scams is constantly shifting, giving us all the more reason to think twice before we act.
Who you need to speak to:
- If you have been a victim of banking fraud or spot irregular activity on your account, contact your bank immediately as there will be more chance that your losses may be recovered;
- It’s important to report any fraud to Action Fraud, the UK’s national fraud reporting centre by calling 0300 123 20 40 or by visiting www.actionfraud.police.uk;
- For general advice on how to stay safe online, visit www.GetSafeOnline.org.
About Get Safe Online
Get Safe Online (www.getsafeonline.org), which is now entering its tenth year, is the UK’s premier internet security awareness initiative. A joint partnership between the Government, the National Crime Agency (NCA), Ofcom, and private sector sponsors from the worlds of technology, communications, retail and finance, the initiative continues to educate, inform and raise awareness of online security issues to encourage confident, safe use of the internet. Get Safe Online is supported by the Cabinet Office, Department for Culture, Media & Sport (DCMS), Home Office, Action Fraud, Ofcom, HSBC, Barclays, Royal Bank of Scotland, Gumtree, Symantec, Kaspersky Lab, Tesco, Creative Virtual, PayPal, Lloyds Banking Group, National Trading Standards eCrime Team, NatWest, Credit Suisse and Principality Building Society.
[1] This data constitutes of phishing reports made to Action Fraud November 2014 – October 2015 by members of the public. Reports made via ASOV tool consist only of those instances of phishing where someone has been approached with a scam message (via email/text/or phone) but has not suffered a financial loss as a result of it or has not exposed their personal details to a scammer.
PREVIOUS ARTICLENEXT ARTICLE
Cifas Chair steps down
21 January 2016
Cifas Chair Ken Cherrett has announced he is stepping down in September, after 25 years in the role.
CONTINUE READING
Double danger for shoppers on Black Friday
7 January 2016
A notable increase in victims of identity fraud highlights the ‘double danger’ of online shopping – both losing money and your personal details to fraudsters.
CONTINUE READING
Back to newsroom >