Be aware of the need for Cyber Security at Christmas

Graphic of numbers with snowflakes

Unfortunately, there is no season of goodwill for cyber criminals. For them Christmas represents an opportunity to defraud people who may be more inclined to respond to messages requesting charitable donations, or who are shopping online. So, it is more important than ever to keep cyber security front of mind at this time of the year.

Here are some of the most common types of cyber fraud, and simple advice on how to avoid becoming a victim.

Phishing

Phishing involves the use of email or texts to trick victims into clicking on a link or opening a file which allows the hacker to infect recipient’s computer with malware or viruses.

Here are 5 ways to identify Phishing emails:

1. Phishing will generally aim to trigger an emotional response or sense of urgency which causes victims to react without thinking:

  • “You have won” something
  • “Invoice” for goods you did not purchase
  • Your subscription has expired” e.g., Netflix, Apple, Disney, Sky etc.
  • Your account has been blocked or suspended” e.g., Apple ID, email account, Amazon account etc.

2. Cybercriminals are adept at using topical events to create what appear to be credible email communications – recent examples include:

  • Shortly after the COVID 19 Omicron variant became news, criminals sent fake NHS emails and texts asking recipients to click a link to order free PCR tests.
  • The war in Ukraine led to a wave of bogus emails requesting charitable donations.
  • In the weeks before energy prices were set to increase in October this year, more than 1,500 reports were made to the National Fraud Intelligence Bureau about scam emails offering energy rebates from Ofgem.

Be aware that topical events are a common theme for phishing, and be wary of related unsolicited mail.

3. Look out for spelling and grammatical errors. Hackers and scammers often lack writing skills and may not have English as their first language so will use translation tools.

4. Check senders’ email addresses. An email address may look as though it is from an organisation or company you trust but hovering over the name may show something completely different - often a Gmail address.

5. Double-check hyperlink URLs. Some phishing websites look identical to the legitimate site they are mimicking, but the URL may be subtly different.

Vishing

“Vishing” - or voice phishing – is a form of cyber-attack that attempts to trick victims into giving up credit card numbers, bank account details and passwords, over the phone.

Vishing applies similar principles to phishing to make calls seem plausible and to induce a reaction. Visher scammers pose as a trusted source – for instance:

  • Someone from a bank fraud team asking for account and password details “to reset” your security.
  • An agent from a well known IT company, who tells you that your computer has a virus which they need your password to access and remove
  • An officer from HRMC claiming that you have an unpaid tax bill or a refund which needs bank details to process.

Never respond to unsolicited calls which request private information. Hang up, and if you are concerned the issue raised may be legitimate, call the organisation concerned.

Social Media Scams

A significant new trend in online crime is the use of social media by scammers.

Action Fraud, the national fraud and cyber crime reporting centre has published analysis revealing that almost half of the scams reported to them involved a well known social media platform, showing that this is by far the most likely medium for shopping and auction fraud to take place.

Things to watch out for:

  • People claiming to be friends or relatives in an emergency and asking for money
  • Unverified pages claiming to represent a well known public figure, company, or organisation.
  • People asking you to move a conversation off the social media platform to more private email or text
  • People who misrepresent their location

How to report the cyber criminals:

  • Received a suspicious text? Forward it to 7726
  • Forward suspicious emails to report@phishing.gov.uk
  • Report suspicious websites to ncsc.gov.uk/phishing-scams
  • If you are defrauded, then report to Action Fraud on 0300 1232040 or your local police force

Cybercrime is a serious threat to both individuals and businesses, so cyber cover is a valuable element of any business’ insurance programme. Contact your local GRP Group broker for advice on the right cover to provide effective protection.