Seven ways to help protect against ‘phishing’
It’s a sad reality of daily life that cybercrime is an ever-present danger. Online fraudsters are relentlessly trying to steal your money, with no regard for the pain and damage they may cause in the process.
It doesn’t matter where you are in the world, or what time of day or night it is, there are people out there callously attempting to exploit any IT security weakness that they can.
Thankfully, there are some simple things we can each do to help keep the fraudsters at bay – especially when they’re attempting to commit the crime known as ‘phishing’.
Phishing: What is it?
‘Phishing’ is an email-based fraud, in which the fraudster will attempt to trick you into divulging passwords or sensitive information, often in an attempt to steal money.
As Carrie Wade, Head of Fraud Governance at Barclays Private Bank, explains, criminals use phishing tactics in a couple of different ways: “They will either send you an email containing a link to a fake website, requesting that you enter financial information, passwords or other sensitive information.”
“Alternatively, their seemingly innocuous emails may contain a harmful attachment in the form of a document, form or notification,” she continues. “The criminals want you to open these harmful attachments so that their ‘malware’ – which is software designed to gain unauthorised access to a computer – breaks through your digital defences.”
Seven ways to protect yourself
As onerous as it may sound, it’s worth scrutinising every message you’re sent, especially if there is a link, attachment, and/or instruction to pay a bill. This applies to email, social media and even text messages.
Here are 7 simple pointers worth remembering:
1. At Barclays, we will never:
- ask for your full password or PIN
- provide you with details to make a payment, or,
- request that you grant us access to your systems or PC
2. Be alert to the style, tone and grammar of emails you receive, especially if the email doesn’t address you by name. For example, an email starting with “Dear Sir/Madam” may merit extra scrutiny. Also be aware of urgent demands – malicious emails tend to use scare tactics and threats to get a quick response.
3. If you are invoiced for a service received – even if you are expecting the bill – always check that the payment details, including the account number and sort code, are correct. Criminals have been known to intercept genuine invoices and change the payment details so that the money goes to them instead. If you have any doubts, call your supplier on a previously verified number and ask for clarity.
4. Never enter any personal or security information on a site accessed through a link in an email.
5. Never click on links or open attachments from senders you are unsure of.
6. On sites that require you to input sensitive information, look for ‘https’ in the website address – the ‘s’ stands for ‘secure’, though be aware that this does not guarantee the website is genuine.
7. Do not assume a sender is genuine because they know information about you or your company, or because their email address looks familiar. Fraudsters are skilled in collecting personal information about their targets, and can spoof email addresses or compromise email accounts, making emails appear to be from a genuine contact, including someone from your own organisation.
Simply by staying alert at all times to the threat, and by never accepting anything at face value, you can help strengthen your defences.
As Carrie Wade concludes: “You can never be too careful and as sad as it may sound, it pays to be suspicious.”
We will post more articles in the coming months to help you stay wise to the risks of cybercrime.