October marks Cyber Security Month.
In a year in which the world has been struck by the Coronavirus, being vigilant about cyber crime has never been so important, particularly as there is such a high dependence on technology with large numbers of people working from home.
“Covid-19 has seen criminal gangs focus on taking advantage of people’s fears and uncertainties around the virus, sometimes to devastating effect.”
Katy Worobec, Managing Director - Economic Crime at UK Finance
This is the sad truth. Earlier this year, at the height of the global pandemic, the Investment Association warned that scammers are increasingly leveraging the coronavirus pandemic as a means of targeting savers and investors, with vulnerable consumers most at risk.
Here we cover off the ways in which scamming and online fraud can occur, and highlight some basic steps that you can take to protect yourself.
What is phishing and how can you spot it?
Phishing is among the most common methods of online scamming. It is an attempt, usually through email, to gather personal information or to compromise technology for the purpose of financial gain or malicious activities.
Many frauds start with a phishing email. Remember that financial institutions will not send an email asking you to click on a link to confirm your bank details, so do not trust such emails even if they look genuine. You can always call the bank using the phone number on a genuine piece of correspondence.
So how can you tell a real email from a scam one?
The message has a suspicious URL: check the details carefully as some addresses can seem genuine but have subtle differences e.g. www.amazon.com vs www.amazon.org.
Poor grammar and spelling: if a large corporation has sent you an email with numerous spelling mistakes, it’s likely that it didn’t come from them. Emails will have been processed and read by multiple people and departments in large companies before being sent.
Requests for personal information: this is a big red flag. No reputable organisation would ask you to confirm personal information via email, especially not passwords. If you are in doubt about the authenticity of an email, then it is best to contact the company directly, using contact details listed on the main website.
You’re not expecting anything from the sender: if you receive an email congratulating you on winning a competition that you never entered, or you receive an email containing an attachment that you hadn’t requested, then this is likely to be a phishing email. Avoid opening any attachments that could be harmful to your computer.
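The suspicious-URL check from the list above, as an added example that is not part of the original article: it pulls every link out of a plain-text message and compares the host it really points to against the sites you actually use. The allow-list, the function names and the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Sites the reader really uses (constructed allow-list for this example).
TRUSTED = {"amazon.com"}
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)

def link_host(url):
    """Host a link really points to, lower-cased."""
    if "://" not in url:
        url = "//" + url                  # so 'www.amazon.org/x' parses as a host
    return (urlsplit(url).hostname or "").rstrip(".")

def check_link(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike of <site>' or 'unknown' for one link."""
    labels = link_host(url).split(".")
    host = ".".join(labels)
    for site in sorted(trusted):
        if host == site or host.endswith("." + site):
            return "trusted"
    for site in sorted(trusted):
        if site.split(".")[0] in labels:  # same name, different ending
            return "lookalike of " + site
    return "unknown"

def review_email(body, trusted=TRUSTED):
    """Map every link found in a plain-text email to its verdict."""
    links = [u.rstrip(".,;)") for u in URL_RE.findall(body)]
    return {u: check_link(u, trusted) for u in links}

# Constructed sample message, not a real email.
SAMPLE = """Dear customer, your parcel is on hold.
Confirm your details at https://www.amazon.org/confirm today.
Order history: https://www.amazon.com/orders
Unsubscribe: http://mail.example.net/u"""

if __name__ == "__main__":
    for url, verdict in review_email(SAMPLE).items():
        print(f"{verdict:26} {url}")
```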
Do not give personal information to organisations (such as banks, the Financial Conduct Authority, the police etc.) without verifying their credentials. Even then, it is worth being careful. We have had instances where a scammer has not hung up after telling a victim to ring the genuine organisation, thus leaving the line open. The victim dials the correct number but doesn’t get through and it is easy for the scammer to get back on the line, at which point the victim is convinced he is speaking to the genuine organisation. To prevent such an intercept, ring the organisation to confirm authenticity using a different phone.
Hacking and malware
Make sure your computer has up-to-date anti-virus software and a firewall installed, and that your software programmes are regularly updated to the latest version.
Also enable two-factor authentication (this requires two pieces of information such as your password and a random number, valid only for a limited time, sent to you by text message) – if the company concerned offers this facility, use it!
Your password is your first line of defence, so it is worth ensuring that it is strong and effective. Below are some examples showing how strength varies dramatically with complexity and randomness:
Password         Time for computer to crack
Money375         2 hours
M0ney/928        1 month
M0ney/7’3-9x?    47 million years (more like it, but hard to remember!)
The word “money” on its own would be a very obvious password, especially for a bank account! Make it hard to guess, and avoid dictionary words or geographical names of places.
It should be as long and complex as you can manage – a random 8 letter password can be easily cracked, so mix upper and lower case, digits and punctuation marks, aiming for 14 characters or longer.
Use one password for each account – don’t re-use.
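The three password rules above turned into a check, as an added example that is not part of the original article: it tests length against the 14-character target, looks for each character type, undoes common letter-for-digit swaps before searching for dictionary words, and finds passwords shared between accounts. The word list, substitution table, finding names and sample values are constructed for illustration.

```python
# Undo common look-alike substitutions before looking for dictionary words.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "$": "s", "@": "a"})
# Tiny constructed word list; a real check would use a full dictionary.
WORDS = {"money", "password", "london"}
MIN_LENGTH = 14  # the article's target length

# The three passwords from the table above.
PAGE_EXAMPLES = ["Money375", "M0ney/928", "M0ney/7’3-9x?"]

def review_password(password, words=WORDS):
    """Return a list of findings; an empty list means every rule is met."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    if not any(c.islower() for c in password):
        findings.append("no_lower_case")
    if not any(c.isupper() for c in password):
        findings.append("no_upper_case")
    if not any(c.isdigit() for c in password):
        findings.append("no_digit")
    if not any(not c.isalnum() and not c.isspace() for c in password):
        findings.append("no_punctuation")
    # 'M0ney' becomes 'money' once the zero is turned back into an 'o'.
    plain = password.lower().translate(LEET)
    findings += ["dictionary_word:" + w for w in sorted(words) if w in plain]
    return findings

def reused_passwords(accounts):
    """Groups of account names that share one password."""
    by_password = {}
    for name, password in accounts.items():
        by_password.setdefault(password, []).append(name)
    return sorted(sorted(n) for n in by_password.values() if len(n) > 1)

if __name__ == "__main__":
    for pw in PAGE_EXAMPLES:
        print(pw, review_password(pw))
    # Constructed random-looking sample; do not use it as a real password.
    print(review_password("tV9#qLw2!hXr7&Zp"))
    # Constructed accounts: bank and shop share a password.
    print(reused_passwords({"bank": "x1", "email": "y2", "shop": "x1"}))
```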
What can you do to protect yourself?
There are a few simple steps that you can take in order to reduce the risk of being a victim to online fraud.
The Take Five to Stop Fraud campaign is a useful place to start. You should always follow their simple guidance of Stop, Challenge, Protect when being asked for your money or information:
Stop: Taking a moment to stop and think before parting with your money or information could keep you safe.
Challenge: Could it be fake? It’s ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.
Protect: Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.
The effects of financial fraud can be quite devastating for individuals and their families, so the more of the above measures you can adopt and put into practice, the more you will protect your assets . . . and your peace of mind!