Fraud and Cybersecurity on the rise

Fraud and cybersecurity threats are on the rise.

In our ever-changing world, scammers will sadly always be present. It has become vitally important to recognise these scams, and where possible, report them.

As I am sure most of you will have received some sort of scam email or phone call you will most likely be aware of some of the regular scams going around.

One of the best sources of information about new and upcoming scams is the Action Fraud news, Available Here. (https://www.actionfraud.police.uk/news)

With the addition of COVID-19 the scammers have jumped at the chance to take advantage. From grants and funding to vaccines and holiday bookings, it is important to be aware of potential scams in everything you do.

We thought it best to give you a few examples of the common scams going around and what to watch out for.

Phishing Scams:

These are often the most common scams seen. They will appear to be from a genuine source with the relevant company branding all over it. HMRC is just one of the scams have been increasing rapidly during the COVID lockdown. Often promising grant funding, bounce back loans and tax relief.

Here are a few of the tell-tale signs to watch out for:

• Poor spelling and grammar. Official notices have often been screened by more than one person and will not contain spelling mistakes and poor use of grammar.
• Links that do not go to the official source. Although a link might say HMRC or your bank on the face of the email, that doesn’t mean that is where it is going, hover over a link (Do Not Click It), in the bottom left of your email window (if you use outlook, other email programs my appear in a different location) a box shows the link address it is trying to take you to, make sure this matches exactly where you would expect it to go.

• Requests to verify personal information. Usually targeting online banking logins, addresses and other financial information. Official notices will not ask for this type of information.
• Sender email address. This is one of the easiest ways to identify a scam message, most will have either number added or characters changed to make it look like a legitimate address. Others will simply come from a free mail account such as Gmail or outlook.com. always ask yourself, is sally1234@gmail.com really sending me an official notice from HMRC??? Often the email address does not match the signature in the email itself. E.g., email sent from sally1234@gmail.com but the email is signed kind regards John.
• Emails asking for you to enable Macros, adjust security settings or install applications are almost certainly scams! You should never allow these to open or make any adjustments to your security.
• It’s not just emails that are used to try to scam you. Scammers will often purchase domain names very similar to a legitimate one, such as microsolt.com, these can often fool the eye on first read. The site itself is constructed to look almost identical to the legitimate alternative, the biggest mistake the scammers make is inconsistencies, outdated logos, typos or asking for information the legitimate site wouldn’t ask for.
• With websites you will often find the page is actually a static image of the legitimate site, but a popup appears requesting information.
• Social Media scams have been going since the early days, but scammers are getting more inventive. They use Social Engineering in an attempt to make it fun for a target to interact with their activity. For those of you that use social media you have more than likely seen the list scam in action, where friends share a list of questions designed to seem like a bit of fun.

Name of your favourite pet?

First place you lived?

How long have you been married? Etc.

All of these questions have one single purpose, they are the most commonly asked questions for password recovery on most websites. So, all you are doing when posting this information is giving scammers the answer to everything, they need to reset your password and access your accounts.

You can learn more about social engineering here (https://en.wikipedia.org/wiki/Social_engineering_(security))

If you believe you have been a victim of a phishing attack in any way:

1. Contact your IT professional or your IT department if using a work computer.
2. Immediately change all passwords associated with the affected accounts. (make sure you are logging in through an official site before you attempt to change them)
3. Monitor your bank accounts and report any fraudulent activity straight away.

Please feel free to get in touch if you need any further advice.