Seven ways to help protect against ‘phishing’
4 minute read
It’s a sad reality of daily life that cybercrime is an ever-present danger. Online fraudsters are relentlessly trying to steal your money, with no regard for the pain and damage they may cause in the process.
It doesn’t matter where you are in the world, or what time of day or night it is, there are people out there callously attempting to exploit any IT security weakness that they can.
Thankfully, there are some simple things which we can each do, to help keep the fraudsters at bay – especially when they’re attempting to commit the crime known as ‘phishing’.
Phishing: What is it?
‘Phishing’ is an email-based fraud, in which the fraudster will attempt to trick you into divulging passwords or sensitive information, often in an attempt to steal money.
As Carrie Wade, Head of Fraud Governance at Barclays Private Bank explains, criminals use phishing tactics in a couple of different ways: “They will either send you an email containing a link to a fake website, requesting that you enter financial information, passwords or other sensitive information.”
“Alternatively, their seemingly innocuous emails may contain a harmful attachment in the form of a document, form or notification,” she continues. “The criminals want you to open these harmful attachments so that their ‘malware’ – which is software designed to gain unauthorised access to a computer – breaks through your digital defences.”
Seven ways to protect yourself
As onerous as it may sound, it’s worth scrutinising every message you’re sent, especially if there is a link, attachment, and/or instruction to pay a bill. This includes over email, social media and even text message.
Here are 7 simple pointers worth remembering:
1. At Barclays, we will never:
- ask for your full password or PIN
- provide you with details to make a payment, or,
- request that you grant us access to your systems or PC
2. Be alert to the style, tone and grammar of emails you receive, especially if the email doesn’t address you by name. For example, an email starting with “Dear Sir/Madam”, may merit extra scrutiny. Also be aware of urgent demands – malicious emails tend to use scare tactics and threats to get a quick response.
3. If you are invoiced for a service received – even if you are expecting the bill – always check the payment details, including the account number and sort code are correct. Criminals have been known to intercept genuine invoices and change the payment details so that the money goes to them instead. If you have any doubts, call your supplier, on a previously verified number and ask for clarity.
4. Never enter any personal or security information on a site accessed through a link in an email.
5. Never click on links or open attachments from senders you are unsure of.
6. On sites that require you to input sensitive information, look for ‘https’ in the website address – the ‘s’ stands for ‘secure’, though be aware that this does not guarantee the website is genuine.
7. Do not assume a sender is genuine because they know information about you / your company, or because their email address looks familiar. Fraudsters are skilled in collecting personal information about their targets, and can spoof email addresses or compromise email accounts making emails appear to be from a genuine contact, including someone from your own organisation.
Final thoughts
Simply by staying alert at all times to the threat, and by never accepting anything at face value, you can help strengthen your defences.
As Carrie Wade concludes: “You can never be too careful and as sad as it may sound, it pays to be suspicious.”
We will post more articles in the coming months to help you stay wise to the risks of cybercrime.
Related articles
Disclaimer
This communication is general in nature and provided for information/educational purposes only. It does not take into account any specific investment objectives, the financial situation or particular needs of any particular person. It not intended for distribution, publication, or use in any jurisdiction where such distribution, publication, or use would be unlawful, nor is it aimed at any person or entity to whom it would be unlawful for them to access.
This communication has been prepared by Barclays Private Bank (Barclays) and references to Barclays includes any entity within the Barclays group of companies.
This communication:
(i) is not research nor a product of the Barclays Research department. Any views expressed in these materials may differ from those of the Barclays Research department. All opinions and estimates are given as of the date of the materials and are subject to change. Barclays is not obliged to inform recipients of these materials of any change to such opinions or estimates;
(ii) is not an offer, an invitation or a recommendation to enter into any product or service and does not constitute a solicitation to buy or sell securities, investment advice or a personal recommendation;
(iii) is confidential and no part may be reproduced, distributed or transmitted without the prior written permission of Barclays; and
(iv) has not been reviewed or approved by any regulatory authority.
Any past or simulated past performance including back-testing, modelling or scenario analysis, or future projections contained in this communication is no indication as to future performance. No representation is made as to the accuracy of the assumptions made in this communication, or completeness of, any modelling, scenario analysis or back-testing. The value of any investment may also fluctuate as a result of market changes.
Where information in this communication has been obtained from third party sources, we believe those sources to be reliable but we do not guarantee the information’s accuracy and you should note that it may be incomplete or condensed.
Neither Barclays nor any of its directors, officers, employees, representatives or agents, accepts any liability whatsoever for any direct, indirect or consequential losses (in contract, tort or otherwise) arising from the use of this communication or its contents or reliance on the information contained herein, except to the extent this would be prohibited by law or regulation.