You wouldn’t let a thief enter your home, but what if the thief was masquerading as someone familiar, such as a postman, and tricked you into opening the door? Phishing works in a similar way - people open the doors to their personal data, giving up login details, passwords or even payment details to malicious e-mails, links or websites designed to look like they’re authentic. That information can then be used to commit fraud and cyber crime.
The national Cyber PROTECT Network, led by the City of London Police and in partnership with Action Fraud, is warning people to lookout for phishing messages on National Fish and Chip Day. Action Fraud received over a quarter of a million reports of phishing between April 2018 and March 2019. Over two thirds of these reports were about emails claiming to be from a well-known brand. There were almost 70,000 that related to phishing phone calls, otherwise known as vishing, and close to 18,000 relating to phishing text messages, known as smishing.
Commander Karen Baxter, National Police Coordinator for Economic Crime at the City of London Police, said:
"Fraudsters often use spoofed phone numbers and email addresses to trick you. If you receive a message claiming to be from a well-known brand or organisation, always check directly with that brand or organisation to see if it is legitimate. If something feels wrong then it is usually right to question it."
Phishing is an enabler of fraud. These messages are commonly used by fraudsters to gain access to the victim’s personal details, including date of birth, banking details and addresses. The victim’s details are then used to commit fraud and / or cyber crime. The most commonly spoofed sectors are telecoms companies, technology brands and Government organisations.
Criminals are constantly evolving the tactics they use to carry out these phishing attacks, which is why it’s sometimes difficult for people to know what to look out for. We’ve got some simple advice that can help you protect yourself from most phishing attacks:
Don’t click on the links or attachments in suspicious emails, and never respond to unsolicited messages and calls that ask for personal or financial details.
Caller ID and email addresses can be spoofed by criminals, so these shouldn’t be used to determine if the communication is legitimate.
Anyone who has provided personal or financial details as a result of a phishing message, has lost money to a fraudster, or you have received a phishing message, even one not acted upon, should report to Action Fraud.
One victim who spoke to the City of London Police’s Economic Crime Victim Care Unit said he felt stalked and warned people to be cynical, never doubt their instincts and react quickly to an attack. He knew he was compromised at the time and changed his passwords, but says that he now wishes he had reacted quicker. It wasn’t until speaking to people he knew that worked in IT that he was informed of what further steps to take. He then spent 24 hours cancelling false log ins and changing passwords. He advised people to log into their settings to see how many sessions they are logged into for their online accounts.