Overview – Protecting Your Business & Employees Against Cyber Fraud
Please note this article is under constant review and will be updated regularly as new methods of attacks and scams become more widespread.
In today’s digital world, it’s essential to be aware of the risks associated with online scams. Cybercriminals employ various deceptive tactics to trick individuals into divulging personal information, stealing money, or compromising their security. In this informative and friendly guide, we will explore common online scams, how they work, and provide essential tips to help you stay safe from these fraudulent practices.
It is increasingly important for businesses to improve online banking security awareness for employees to safeguard their own financial assets and maintain trust with their customers.
Your bank will never ask for the following details on the phone, in an email or an SMS:
– Your 4-digit PIN
– Credit or debit cards, chequebooks, or cash
– Online banking codes, passwords or codes generated by security keypads
– Transferring funds to a different account for “safekeeping”
In this multi part article, we will explore several effective strategies that businesses can implement to improve online security and prevent scams and business fraud.
Social Engineering
It’s much easier to “hack” people than computers. This technique, known as social engineering, is surprisingly simpler than we might realise.
What Is Social Engineering?
Social engineering involves the art of psychological manipulation to deceive individuals into divulging sensitive information or performing actions that may compromise their security.
Scammers exploit our natural human tendencies, such as trust, curiosity, and desire for helpfulness, to achieve their malicious goals.
Scammers use various techniques, including:
- Phishing: Sending fraudulent emails or messages that appear legitimate, aiming to trick recipients into providing personal information or clicking on malicious links.
- Pretexting: Creating a fabricated scenario or pretext to trick individuals into disclosing sensitive information or granting unauthorized access.
- Impersonation: Posing as someone in authority, such as a bank representative, IT personnel, or a trusted colleague, to gain trust and manipulate victims into sharing confidential data.
How To Spot Social Engineering
Stay vigilant and watch out for the following signs that may indicate social engineering attempts:
- Personal Info: Unsolicited requests for personal information or login credentials through emails, messages, or phone calls.
- Fear & Urgency: Urgent or high-pressure tactics, creating a sense of panic or immediate action.
- Data Protection: Requests for financial transactions or access to sensitive data without proper verification processes.
- Unverified Sender: Unusual or unexpected communication from known contacts, especially if it involves sharing confidential information.
Advice & Guidance
You can take proactive measures to safeguard yourself from social engineering attacks:
- Verify Requests: Independently authenticate any requests for personal information, login credentials, or financial transactions. Use official contact information obtained from trusted sources.
- Be Wary of Urgency: Exercise caution when pressured to act quickly. Scammers often rely on urgency to bypass your natural skepticism. Take time to verify requests and confirm their legitimacy.
- Educate Yourself: Stay informed about the latest social engineering tactics and common scams. Regularly update your knowledge and share awareness with friends, family, and colleagues.
- Maintain Privacy Settings: Adjust your privacy settings on social media platforms to limit the amount of personal information available to potential scammers.
- Think Before You Share: Be cautious about sharing personal details online or over the phone, especially with unfamiliar individuals or unsolicited requests.
Phishing (Emails)
Phishing is a common online scam that aims to trick individuals into revealing sensitive information, such as passwords, credit card details, or personal data.
What is Phishing?
Phishing is a fraudulent technique used by cybercriminals to impersonate trusted entities, such as banks, social media platforms, or government agencies. They send deceptive emails, messages, or create fake websites to trick individuals into disclosing their confidential information.
Phishing scams often involve the following tactics:
- Deceptive Emails: Scammers send emails that appear to be from legitimate sources, requesting you to click on malicious links or provide sensitive information.
- Fake Websites: Cybercriminals create convincing replicas of legitimate websites to deceive users into entering their login credentials or personal data.
- Urgency and Fear: Phishing attempts often create a sense of urgency or fear, urging you to act quickly to avoid negative consequences, such as account closure or security breaches.
How To Spot a Phishing Attempt
Stay alert and watch out for the following red flags that may indicate a phishing attempt:
- Suspicious Sender: Check the email address or sender name for slight variations or unfamiliar domains.
- Poor Grammar or Spelling Errors: Phishing emails often contain mistakes in grammar, spelling, or formatting.
- Request for Personal Information: Be cautious if an email or message requests your passwords, credit card details, or other sensitive data.
- Urgent or Threatening Language: Phishing attempts may use urgent language to create a sense of panic or fear, pressuring you to take immediate action.
Advice & Guidance
Take proactive steps to safeguard yourself from phishing attacks:
- Verify Email Sources: Check the email address and sender’s identity carefully before responding or clicking on any links. Hover over links to view the actual URL before clicking.
- Be Cautious of Urgency: Think twice before acting on urgent requests. Legitimate organisations rarely ask for immediate action or threaten negative consequences.
- Use Strong Passwords: Create unique, complex passwords for each online account and enable multi-factor authentication where available.
- Stay Informed: Stay updated on the latest phishing techniques and common scams. Educate yourself and share knowledge with friends, family, and colleagues.
- Report Suspicious Activity: If you receive a suspected phishing email, report it to the relevant organisation or your email service provider. This helps protect others from falling victim to the scam.
Learn more about Phishing at Action Fraud
Vishing (Telephone)
In today’s digital age, scammers are constantly finding new ways to deceive unsuspecting individuals. One such method is vishing, a form of phone scam that aims to trick people into revealing sensitive information.
Vishing is similar to Phishing and Smishing but done via telephone.
What is Vishing?
Vishing, short for “voice phishing,” involves fraudulent callers posing as trustworthy individuals, such as bank representatives, utility providers, or government officials. These scammers use various techniques to gain your trust and manipulate you into disclosing personal and financial information.
Scammers employ persuasive tactics to create a sense of urgency or exploit your emotions. They may claim there is a problem with your account, an outstanding bill, or even a legal issue. By instilling fear or urgency, they attempt to pressure you into providing confidential details or making financial transactions.
How To Spot a Vishing Attempt
Be on the lookout for the following warning signs that may indicate a vishing attempt:
- Unknown Callers: Unsolicited calls from unfamiliar numbers.
- Personal Info: Callers requesting personal information, such as your PIN, passwords, or account details.
- Urgency & Fear: Urgency and high-pressure tactics, urging you to act immediately.
- Caller ID spoofing: where scammers manipulate the displayed number to appear legitimate.
Advice & Guidance
Follow these essential tips to safeguard yourself against vishing scams:
- Be sceptical: Always maintain a healthy level of scepticism when receiving unexpected calls. Remember that legitimate organisations typically won’t ask for sensitive information over the phone.
- Verify the caller’s identity: If you receive a suspicious call, ask for their name, department, and the purpose of the call. Hang up and independently verify their identity by contacting the organisation directly using official contact details from their website or official correspondence.
- Avoid sharing personal information: Refrain from sharing personal details, account numbers, passwords, or PINs over the phone unless you are certain about the caller’s authenticity.
- Stay calm and composed: Scammers may try to create panic or urgency to catch you off guard. Take a deep breath, and don’t let emotions cloud your judgment. Legitimate organisations will give you time to think and verify their claims.
- Report and block: If you suspect a vishing attempt, report it to your local authorities and your bank or relevant organization. Consider blocking the caller’s number to prevent further contact.
Smishing (SMS)
Cybercriminals are using deceptive SMS (Text Message) tactics to trick individuals into revealing sensitive information or performing actions that compromise their security.
Smishing is similar to Phishing and Vishing but done via SMS.
What Is Smishing?
Smishing involves the use of text messages to deceive individuals and steal their personal information or financial details. Scammers manipulate the sense of urgency associated with text messages to trick recipients into taking actions that may compromise their security.
Smishing scams often involve the following tactics:
- Fake Messages: Cybercriminals send text messages that appear to be from legitimate sources, such as banks, delivery services, or government organisations. These messages contain instructions or requests that lead recipients to divulge sensitive information.
- Urgency and Fear: Smishing attempts create a sense of urgency, pressuring recipients to act quickly. They often claim account issues, package delivery problems, or offer enticing rewards to lure individuals into taking action.
How to Spot a Smishing Attempt
Stay alert and watch out for the following signs that may indicate a smishing attempt:
- Unfamiliar Sender: Be cautious if you receive a text message from an unknown or unexpected sender.
- Urgent Requests: Pay attention to text messages that demand immediate action or threaten negative consequences if you fail to respond promptly.
- Suspicious Links: Be wary of text messages containing links that ask you to click on them, especially if they appear unusual or unrelated to the purported sender.
- Poor Grammar or Spelling Errors: Smishing messages often contain spelling mistakes, grammatical errors, or unusual language usage.
Advice & Guidance
Take proactive measures to safeguard yourself from smishing attacks:
- Verify the Sender: Before responding or taking any action, independently verify the sender’s identity using trusted contact information obtained directly from the organisation’s official website or customer support.
- Don’t Click Suspicious Links: Avoid clicking on links in text messages, especially if you have doubts about their authenticity. Instead, visit the official website directly or contact the organisation through their official channels.
- Be Cautious with Personal Information: Never share sensitive information, such as account numbers, passwords, or social security numbers, via text message.
- Report Suspicious Messages: If you receive a suspected smishing text message, report it to your mobile service provider or forward it to the appropriate authorities, such as Action Fraud in the UK.
- Stay Informed: Keep up to date with the latest smishing techniques and common scams. Share this knowledge with friends, family, and colleagues to create a vigilant community.
Report Scam SMS Messages
You can now report scam text messages to your phone provider via SMS on: 7726, your mobile phone provider can then investigate the origin of the text and arrange to block or ban the sender, if it’s found to be malicious.
If 7726 doesn’t work, you can find out how to report a fraudulent text message by contacting your phone provider.
Pharming (DNS)
Pharming is an advanced technique used by cybercriminals to redirect users to fraudulent websites without their knowledge or consent.
What Is Pharming?
Pharming is a type of online attack where hackers manipulate the Domain Name System (DNS) or compromise a user’s computer to redirect them to malicious websites. The goal is to trick individuals into divulging personal information, such as login credentials or financial details.
Pharming scams often involve the following tactics:
- DNS Poisoning: Attackers exploit vulnerabilities in the DNS infrastructure to redirect users to fake websites that closely resemble legitimate ones.
- Malware Infection: Cybercriminals infect a user’s computer or network with malicious software, altering DNS settings to redirect them to fraudulent websites.
- Hijacked Routers: Attackers compromise routers to manipulate DNS settings and redirect users to fake websites.
How To Spot a Pharming Attempt
Stay vigilant and watch out for the following indicators that may suggest a pharming attack:
- Unexpected Website Changes: If you notice unusual changes in the appearance or functionality of a familiar website, it could be a sign of pharming.
- SSL Certificate Issues: Pay attention to security warnings or errors related to SSL certificates when accessing websites. Pharming attacks may cause SSL certificate discrepancies.
- Password and Login Issues: If you suddenly experience difficulty logging into familiar websites, such as incorrect passwords or repeated authentication failures, it could indicate a pharming attack.
Advice & Guidance
Take proactive measures to safeguard yourself from pharming attacks:
- Keep Software Updated: Regularly update your operating system, web browser, and antivirus software to protect against known vulnerabilities.
- Be Cautious with Links: Avoid clicking on suspicious or unsolicited links, especially in emails or messages. Instead, manually enter website addresses in your browser or use bookmarks.
- Check Website Security: Look for the padlock icon and “https://” in the website’s URL before entering sensitive information. This indicates a secure connection.
- Use Reliable DNS Servers: Ensure your DNS server is reputable and trustworthy. Consider using DNS servers provided by your internet service provider or reputable third-party providers.
- Enable Two-Factor Authentication: Implement two-factor authentication wherever possible to add an extra layer of security to your online accounts.
Other Types of Scams
Online scams encompass a wide range of fraudulent activities conducted through the internet. Scammers use social engineering, fake websites, and other tactics to exploit individuals and profit unlawfully.
Understanding Online Scams:
- Phishing: Scammers send deceptive emails, messages, or create fake websites to trick individuals into revealing sensitive information, such as passwords, credit card details, or personal data.
- Fake Online Retailers: Fraudulent websites mimic legitimate online stores, enticing users with unrealistically low prices or exclusive offers. However, they often take money without delivering the promised goods.
- Advance Fee Fraud: Scammers entice victims with the promise of a large sum of money but require upfront fees or personal information to process the transaction. Once the fees are paid or the details shared, the promised funds never materialise.
- Tech Support Scams: Cybercriminals pose as technical support representatives and contact individuals, claiming that their computer is infected with malware or facing technical issues. They aim to gain remote access or extract payment for unnecessary services.
How to Spot The Warning Signs
Stay alert and watch out for the following indicators that may suggest an online scam:
- Unsolicited Requests: Be cautious of unexpected emails, messages, or calls asking for personal information, passwords, or financial details.
- Unrealistic Promises: Be wary of offers that sound too good to be true, such as guaranteed winnings, lottery prizes, or business opportunities with minimal effort.
- Poor Grammar or Spelling Errors: Scammers often make mistakes in their communication, including spelling errors, grammatical inconsistencies, or unnatural language usage.
- Requests for Immediate Payment: Scammers create urgency by demanding immediate payment or threatening consequences if you fail to comply.
- Suspicious Looking Links: Avoid clicking on links in emails or messages that appear unusual, misspelled, or lead to unfamiliar websites.
Advice & Guidance
Take proactive steps to safeguard yourself from online scams:
- Verify Sources: Independently authenticate any requests for personal information or financial transactions. Use official contact information obtained from trusted sources.
- Be Cautious with Links and Attachments: Avoid clicking on suspicious links or opening email attachments from unknown senders. Verify the authenticity of the source before taking any action.
- Research Online Retailers: Before making a purchase from a new or unfamiliar online store, research their reputation, read customer reviews, and ensure they have secure payment options.
- Educate Yourself: Stay informed about the latest online scams and common fraud techniques. Regularly update your knowledge and share awareness with friends, family, and colleagues.
- Trust Your Instincts: If something feels suspicious or too good to be true, trust your gut instinct and exercise caution.
Additional Guidance
If you think you may have been a victim of fraud or cybercrime, and live in England, Wales or Northern Ireland, you should report this to Action Fraud at www.actionfraud.police.uk or by calling 0300 123 2040. If you live in Scotland, you should report to Police Scotland by calling 101.
Useful Links
http://www.ncsc.gov.uk/collection/phishing-scams
https://www.ncsc.gov.uk/section/about-this-website/report-scam-website
