Recognising common scams

This week's theme for European Cyber Security Month is recognising cyber scams, so I thought I'd join their efforts to "to educate the general public on how to identify deceiving content in order to keep both themselves and their finances safe online". There's loads of information out there about recognising scams, but filtering good from bad advice and categorising threats to come up with a cyber security plan can be hard work.

Here's a quick guide to the three types of threat that frequently end up on Action Fraud's alert emails...

Phishing

This is the example we're all well aware of – spam emails. The difference? Gone are the Nigerian princes without spell checkers, replaced by well-crafted emails that fool us into thinking they're from our favourite brands. At first glance the logos, colours and content might be convincing, but the email addresses will be for the wrong domain, or the links don't lead to the right website.

Big brands used to trick unsuspecting customers in this year's Action Fraud alerts: Amazon, Netflix, British Gas, LinkedIn and TV Licencing to name a few.

Smishing

Smishing is similar to phishing, but in the form of spam text messages rather than emails. The goal is the same, but, because of the way businesses have started using SMS, they often use time pressures to help their recipients make poor decisions.

The recent examples provided by Action Fraud were notifications of unpaid bills (EE) and of overpayments that needed to be claimed (Argos).

There was an increase in smishing and phishing using the TSB brand at around the time they were having IT issues – if something's in the press then there's a higher chance that you're talking to a fraudster.

In the run up to Christmas it’s also with being wary of SMS from parcel companies – just because you don't know if a friend or relative is sending you something doesn’t mean the text is real. If in doubt, Google the URL for tracking a parcel at whichever company says they are contacting you... Don't click on the link.

Vishing

Finally, just in case you don't fall for scams written into texts and emails, the fraudsters might call you.

Action Fraud's alerts varied: fraudsters trying to get victims to change subscription to a new provider (and collect financial details), pretending that they're an IT support company who have found a bug on your computer (getting remote access to your PC that gives a hacker free reign), or impersonating police officers notifying victims of fraud (even if you're a victim, the police tend to like to turn up on doorsteps uninvited, not make phone calls from unknown numbers!)

Getting more information

If you want to get Action Fraud’s emails to read and forward to your own employees then you can sign up for their alerts here.

Lots of service providers and places you shop online will also offer to email you with service-specific cyber security advice.

The advantage of spamming yourself with cyber security? It's free, things from sources like Action Fraud have been verified, and it might stop you falling victim to other types of spam.