As of August 2024, the National Cyber Security Centre (NCSC) received more than 34 million reports of phishing scams which resulted in 193,000 scams being removed across 352,679 URLs (Uniform Resource Locators otherwise known as a web address).(1)
Cyber criminals are becoming more sophisticated in their tactics, using scam emails, text messages, or phone calls to deceive their victims. Their goal is often to lure you to a website that could infect your computer with a virus, steal your bank details or collect other personal information.
What’s more, they will look for any information about you online which helps make their phishing/smishing/ vishing (see definition box) attempts even more convincing. They employ psychological tactics such as applying time pressure which may come in the form of an urgent message for help or tickets to a sold-out event. The sole aim is to get you to act fast without having time to stop and think.
However, there are ways to fight back with the following secret weapons!
Arm yourself with knowledge
One of the best ways to protect yourself from fraud is by knowing the tactics fraudsters commonly use and the signs to look out for.
Visit www.stopthinkfraud.campaign.gov. uk/how-to-spot-fraud to find out the red flags to look out for, from ‘how to spot a phishing email’ to ‘how to spot a fake website’. Keep up to date with the latest scams from www.actionfraud.police.uk/news, such as WhatsApp group chat fraud, top frauds targeting young people, ticket fraud and much more.
Increase your email security
To prevent a cybercriminal from accessing your email, which could also result in them being able to access your other online accounts, personal or business information, there are two actions you can take right now:
1) Use a strong and different password for your email – the NCSC recommends using 3 random words (not associated to your pets or family) and combining them with numbers and symbols to make it harder to crack e.g. CupNetba11F!sh.
2) Turn on 2-step authentication for your email – this provides added protection as it requires more information to prove your identity. For example, getting a code sent to your phone when you sign in on a new device.
Beware of…
Voice cloning: AI is giving fraudsters new ways to target people – they can now use voice cloning technology to replicate a person’s voice from as little as three seconds of audio, which can be easily captured from a video someone has uploaded online or on social media. The scammer will piece together that person’s family (or friend) connections via social media, phishing emails, public records or even data breaches sold on the dark web. They will use voice cloning to stage a phone call, voice message or voicemail to them, asking for money/information that is needed urgently. In Starling Bank’s recent survey, nearly 1 in 10 (8%) respondents said they would send the family member whatever they needed in this situation, even if they thought the call seemed strange – potentially putting millions at risk.(2)
Spoofing: Fraudsters can call (or text) your landline or mobile from a phone number that looks genuine. They change the number they’re calling from, so it appears on your caller ID as someone you think you know or trust
Use a password manager
You may be using one password for all your online accounts, and this is a cybercriminal’s dream. We always advocate a different password for each online account, and this is where a password manager comes in handy, securely storing ALL your passwords in one place – all you have to remember is the “master” password to log in. At Equilibrium, we use Dashlane but there are many others out there.
Enhance privacy on WhatsApp
Many of us use WhatsApp daily to communicate with family and friends. By adjusting privacy controls, you can protect your personal information and ensure it doesn’t fall into the wrong hands. Control who sees your information such as profile photos, status, last seen and live location. Review your options under Settings > Privacy or visit the WhatsApp Help Center to learn how to stay safe on WhatsApp.
What’s the difference?Phishing: Involves fraudulent emails to steal information. These emails often contain links to fake websites or attachments with malware. Smishing: Uses SMS (text messages) to deceive victims. Smishing messages typically include a link to a malicious site or a phone number to call. Vishing: Utilises phone calls to extract sensitive information. |
Share a secret password
Having a secret password that’s known only to your family is a useful tool to have in your arsenal against cybercriminals who use vishing or smishing as their method of attack.
Scammers can now call or text from a number which looks genuine on your caller ID (known as ‘spoofing’). With the help of AI, they can even imitate voices (known as ‘voice cloning’) to make it more convincing.
Next time you receive an out-of-the-blue phone call or message from, what appears to be, a family member, asking for money or advising of a change of number, check whether it’s really them by asking them for the secret password.
At Equilibrium, security is a top priority. We will always check we are speaking to you by asking a security question stored on record. If you haven’t set this up already, please contact your Client Manager.
Backup anything you value
Back up anything that would inconvenience you if you could no longer access it, should your device(s) be lost, stolen or compromised (due to a virus). You can backup via cloud storage or on removable media (such as a USB stick or an external hard drive). Tip: ‘Back up’ is usually found under Settings on any device.
Online shopping – beware of scams!
Excited to score great deals while shopping online? You’re not alone. Unfortunately, cyber criminals are also looking to take advantage, using increasingly sophisticated scams to trick unsuspecting shoppers. Here are four common tactics they use.
Headlines such as “Now 75% off a new iPhone! While stocks last!” or “90% off all electronic appliances at John Lewis” are crafted to make you click a link quickly and without thinking. Be cautious when you see them in your email inbox or social media ads, as they could be scams.
Another tactic cyber criminals use is impersonating parcel couriers. If you receive a message about a parcel you don’t recognise, don’t reply to it.
Even search results aren’t safe. Scammers buy ad space to promote fake websites that sell popular products. These sites may look legitimate but are designed to steal personal and financial information.
Three handy tips:
- Double-check deals by visiting retailer websites directly, not through links in emails or ads.
- Ignore messages about unknown parcels and verify directly with courier services if unsure.
- Use search engines cautiously; avoid clicking on sponsored ads for popular products.
For more information on how to spot and report fraud, visit Stop! Think Fraud – How to stay safe from scams.
The article is intended as an information piece and should not be construed as advice.
Sources
(1) NCSC.gov.uk/phishing scams
(2) Starling Bank launches ‘Safe Phrases’ campaign – Starling Bank
