Cyber criminals are constantly coming up with new ways to trick people into giving away personal information, as well as using tried-and-tested methods to gain access to people's website credentials and social media accounts.
A recent example of this is a phishing scam where hackers sent fake emails to high-profile Instagram accounts, asking the user to confirm their account in order to get a blue verified badge. The "verify account" button in the email took the user to a phishing page that captured their email address, Instagram credentials and date of birth. The hackers then used this information to take control of the account.
This profile hacking scheme was so successful that fraudsters used it again, although this time the message was not sent via email, but through a direct message on Instagram itself. Criminals posing as Instagram's Help Centre sent direct messages to users claiming that a copyright complaint had been filed against the owner's account. To create a sense of urgency (a common technique with phishing scams) the message said the account would be permanently deleted unless the user filled out the appeal form within 48 hours. Like the first version of this scam, the appeal form link took the user to a phishing page where their personal information was stolen and their Instagram account subsequently taken over.
These phishing techniques both rely on a common strategy: posing as a legitimate organisation to trick users into giving away their personal information. Whilst this is an undoubtedly clever and sophisticated scam, there are things you can look out for to protect yourself and avoid being lured in by cyber criminals:
Be cautious of websites and messages asking for credentials and/or personal information, even if they seem legitimate.
When in doubt, contact the company through other means to confirm the message is from them.
Set up two-factor authentication on your accounts where possible.
Don’t click on the links or attachments in suspicious emails/messages.
Check the email address used. It might be very similar to the company's legitimate address but with subtle differences.
Check the message for spelling or grammatical errors. Correspondence from legitimate companies is often proofread and won't contain such errors.
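The sender-address check in the list above can also be automated, for example by a mail filter. The following Python code is an added example, not code from TalkTalk or Instagram: it compares a sender's domain with an allow-list and flags near misses. The allow-list (`instagram.com`), the function names and every sample address are assumptions constructed for illustration.

```python
# Added example: flag sender domains that imitate a trusted one.
# LEGIT_DOMAINS is an assumed allow-list; adjust it to the senders you trust.
LEGIT_DOMAINS = {"instagram.com"}

# Digits often swapped in for letters; hyphens are dropped so that
# "insta-gram" folds to "instagram". Internationalised (xn--) domains
# are out of scope for this example.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})


def edit_distance(a, b):
    """Levenshtein distance computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]


def classify_sender(address, legit=LEGIT_DOMAINS, max_distance=2):
    """Return 'legitimate', 'lookalike' or 'unknown' for a sender address."""
    domain = address.rsplit("@", 1)[-1].strip(" <>").lower().rstrip(".")
    # Exact match or a true subdomain of a trusted domain.
    if any(domain == d or domain.endswith("." + d) for d in legit):
        return "legitimate"
    folded = domain.translate(CONFUSABLES)
    registrable = ".".join(folded.split(".")[-2:])  # last two labels only
    for d in legit:
        brand = d.split(".")[0]
        # Brand name embedded in an unrelated domain, or a near-miss spelling.
        if brand in folded or edit_distance(registrable, d) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample addresses, not taken from a real campaign.
    for sender in ("security@mail.instagram.com",
                   "support@1nstagram.com",
                   "help@instagram.com.badge-verify.example",
                   "billing@example.org"):
        print(f"{sender:45} {classify_sender(sender)}")
```

An "unknown" result only means the domain does not resemble the allow-list; it says nothing about whether the message is safe.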
For extra peace of mind, TalkTalk customers can download our award-winning security software TalkTalk Online Defense. Just log in to My Account, select the package you want and you'll receive an email from F-Secure to install it on to your device. Even if you click on a suspicious link, Online Defense will check to make sure that it is not harmful and give you a warning if it is.