Cyber crime dominated many headlines in 2016 and costs billions in the UK, with individuals and businesses being hit by cyber criminals. Every year, we take a look at cyber crime and the evolving ways that criminals are trying to access funds. Here, we look at how you can protect yourself from Phishing, Pharming, Malvertising, Vishing and SMishing in 2017.
Phishing is typically carried out by a spoof email which is almost identical to a legitimate one and directs users to enter details into a fake website (which also looks and feels like the real site). Popular phishing scams include spoof emails from your bank, eBay, PayPal and HMRC.
Things to look out for:
- Sender email – does it sound familiar or is it just trying to mimic the correct email?
- Subject line - phishing emails often contain subjects which scare readers into action or offer something desirable. For example, a copy-cat PayPal email may suggest your account is blocked, and emails pretending to be from the HMRC may offer you a tax rebate.
- Your name – beware of emails which have no name on them or start with generic terms such as ‘Hello’. A genuine company should have your name.
- Check the language - is the body of the email riddled with spelling mistakes and bad grammar? Many phishing emails originate outside of the UK and are written in bad English.
- Is there a hyperlink attached? If there is an attachment / link in the email – and the message stresses for you to click it - don’t! Visit the website directly and log in instead.
Pharming is a scam where a hacker installs malicious code, often through a link in a fake email, on your personal computer or server. This code then redirects clicks you make on a website to another fraudulent website without your consent or knowledge – e.g. your internet banking page.
Things to look out for:
- Padlock watch – once you’re on a secure website, such as your internet banking log-in page, look for the key or lock symbol at the bottom of the browser and in the web address at the top of the page, and make sure it starts with https:/
- Be alert - if the website looks different than when you last visited, be suspicious.
- Check the web address - always ensure that, once the page has loaded, the URL is spelt correctly and hasn’t redirected to a slightly different spelling.
- Antivirus software - keeping this software up-to-date will help to fight against pharming.
Vishing is when criminals try to obtain your personal details by phone. Criminals can go on to use this personal information to commit cyber crime. E.g. they might phone you and ask for your banking log-in details and then access your online banking account to access your funds.
SMiShing is similar to email phishing except they happen via text message. You might receive a text that appears to come from your bank or building society, asking you to provide personal information. This information can then be used to access your bank account. These texts can also trick victims into downloading a Trojan Horse or other malware onto their phone/device. Trojans can be used by cyber criminals to gain access to your data.
How to avoid Vishing and SMishing
- Never reveal personal log-in information such as usernames, passwords, PINS or ID numbers over the phone, via text or in an email. A bank, building society or other reputable organisation will never ask you for this information.
- Do not open attachments or web links in text messages from an unknown source.
Malvertising is a method whereby users download malicious code by simply clicking on a website which features a malvertising-infected advert – or by hovering over or clicking on a malicious advertisement. In many cases the websites are innocent - cyber criminals have just inserted a malicious advertisement onto the site. The advertisement will download a short information-stealing malicious code onto your computer. You do not need to click on the advert – the malicious code can start to download when the web page loads, or when you hover over the advert.
How to avoid malvertising
Precaution is the only key to avoid malvertising as malicious ads can appear on reputable websites:
- If any advert looks overtly promising, simply avoid them – e.g. offering the 100th visitor to the website a great prize
- Make sure you have good antivirus software installed on your computer
- Keep your computer operating system and your installed software, including browser plugins, updated