Five must-know cyber threats
02 March 2023
In today’s fast-paced digital age, scammers know they are just a click-of-a-button away from gaining access to your most valuable and sensitive data.
Attack opportunities are aplenty. From hackers sending out upwards of three billion scam emails every day¹, to 24 billion username and password combinations circulating on the ‘dark web’², the numbers behind cyber-crime may seem mind-boggling. But the threat is very real.
In the article below, we look at the ever-changing cyber-threat landscape – and tackle the five most serious cyber challenges facing your assets today.
1. Phishing – don’t take the bait
Email ‘phishing’ may be one of the oldest tricks in the scam book, but it’s still an incredibly effective ruse.
While most people can spot a malicious email from a mile off, the sheer number of messages being sent out today means that enough people will unfortunately fall for these scams to keep the fraudsters going.
“Phishing is just a numbers game for scammers seeking your sensitive personal information, such as passwords, or financial data from bank details so that they can then monetise it,” says Archie Nelson, Operational Requirements Lead at XCyber.
“All they need to do is load the bait and cast the net. For the hackers, these phishing campaigns are crimes with little investment required and potentially big returns.”
Due to many large-scale data breaches, the threat of phishing is growing, not diminishing – as more and more data finds its way into the murky world of the underground economy where hackers can buy and sell secrets to attack future victims.
It’s also fuelling more sophisticated attacks, where hackers will piece together information to craft highly personalised emails targeting specific individuals (rather than just blanket emailing) – in a bid to increase their success rates.
Stay safe: The best way to deal with a phishing attack is to scrutinise every email you’re sent. The biggest risk is complacency. Always be on your guard, especially if there’s a link, attachment, or instruction to pay a bill.
2. Spotting a fake parcel delivery text
Another cyber scam that’s gaining traction is the fake parcel delivery message. Typically, you receive a text message or email saying your package is delayed, or you need to make a small payment to get it delivered.
With online shopping becoming so commonplace, the criminals know that many of us will have ordered goods and will be awaiting parcel deliveries at home.
“Fake delivery texts are rife at the moment, and they can be hard to distinguish from a genuine courier message,” adds Nelson at XCyber. “You need to scrutinise any message closely and be particularly wary of clicking on any links.
“Because if you do click through, and hand over your bank details – unexpected payments are only moments away from appearing on your bank statement.”
Stay safe: Always look at the URL within the text message. If it doesn’t match the business, quite often it’s a fraudulent link. And while it might sound excessive, you shouldn’t hesitate to question every text you’re sent. Often, your instinct will tell you when something isn’t quite right.
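The URL check described above, written out as an added example that is not part of the original article: it extracts each link from a message and accepts it only when the host is the business's official domain or a subdomain of it. The courier domain `parcelco.example`, the sample messages and the function names are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Matches links that start with a scheme or a bare "www." prefix.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)

def link_host(url):
    """Return the host a browser would actually connect to, lower-cased."""
    if not re.match(r"https?://", url, re.IGNORECASE):
        url = "https://" + url
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:          # malformed link: treat as having no valid host
        return ""

def matches_business(url, official_domain):
    """True only for the official domain itself or one of its subdomains."""
    host = link_host(url)
    official = official_domain.lower().rstrip(".")
    # The leading dot stops 'myparcelco.example' passing as 'parcelco.example'.
    return bool(host) and (host == official or host.endswith("." + official))

def suspicious_links(message, official_domain):
    """List every link in the message whose host does not match the business."""
    links = [u.rstrip(".,;:!?)") for u in URL_RE.findall(message)]
    return [u for u in links if not matches_business(u, official_domain)]

# Constructed sample messages (hypothetical courier, reserved test domains).
SAMPLES = [
    "Your parcel is on its way. Track it at https://www.parcelco.example/track/AB123",
    "Delivery failed. Pay the fee: https://parcelco.example.redelivery-fee.test/pay",
    "Parcel held: http://parcelco.example@parcel-hold.test/login",
    "Reschedule at https://parcel-co.example/reschedule.",
    "Track your item: www.myparcelco.example/t",
]

if __name__ == "__main__":
    for text in SAMPLES:
        flagged = suspicious_links(text, "parcelco.example")
        print("SUSPICIOUS" if flagged else "ok", "-", text)
```

Only the first message passes: the others put the business name in a subdomain of another site, before an `@`, or in a look-alike spelling, none of which changes where the link really leads.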
3. Avoiding tax refund scams
As the tax year-end approaches, scammers will switch their phishing campaigns to ‘re-bait’ their messages – sending notifications about tax rebates or refunds, or demanding that you hand over personal information.
Cyber-criminals are adept at impersonating a range of organisations, as shown during the heat of the pandemic when scammers exploited worries over COVID-19 to target victims online.
Malicious messages may also be part of a wider scam. It’s important that you don’t reply or click on any links – and don’t be afraid to hang up if you get an unusual call. Tax authorities will also never ask for personal or financial information by email or text message.
Stay safe: To spot a scam, look out for poor spelling and grammar – often a tell-tale sign of a phishing email. You may also want to contact your tax authority directly (using their official website) to check if the message you’ve just received is genuine or not.
4. The password re-use problem
‘Credential stuffing’ is an attack technique where hackers use the login information from one online account and apply it to others. Criminals will re-use stolen username and password combinations to try and break into thousands of websites at a time.
It’s a growing problem, in part due to more services moving online – requiring users to set up accounts – as well as more mass-scale data breaches, which have led to huge numbers of stolen username and password pairs circulating on underground websites.
“With an estimated 24 billion email addresses and passwords sloshing around the dark web, that’s three for every person on the planet,” warns Nelson at XCyber.
Stay safe: Avoid using the same passwords and pin codes across multiple online accounts and services. Introducing variety will make it harder for the criminals to access your data and assets. It might sound like extra hassle in the short term, but you’ll kick yourself if your simple password ends up costing you dear further down the line.
5. Keeping ‘shoulder-surfers’ at bay
A ‘shoulder surfer’ is a criminal who looks over your shoulder to nab vital information as you use your laptop, ATM or any other electronic device in public.
Today’s eagle-eyed shoulder-surfers are more interested in your mobile phone – and the banking apps installed on it.
A typical attack will see them snoop over your shoulder to learn the phone’s PIN. They will then wait for the right moment to attempt to steal your phone. Once in their possession, they’ll be able to unlock the phone – trying the same PIN to access your banking apps, or even search the phone’s notes section to find other passwords and PINs. If successful, they’ll start draining funds from your accounts.
Thankfully, biometric authentication, like fingerprints or facial recognition, adds another layer of security – making it harder, but not impossible, for scammers to access your accounts.
Stay safe: For extra protection on top of this, most online services offer two-factor authentication. This requires a one-time code – either from an app or text – along with your main password to access an account. “If you can, you should always apply two-factor authentication to all the online accounts that you care about, such as emails and anything finance related,” says Nelson at XCyber.
This communication is general in nature and provided for information/educational purposes only. It does not take into account any specific investment objectives, the financial situation or particular needs of any particular person. It is not intended for distribution, publication, or use in any jurisdiction where such distribution, publication, or use would be unlawful, nor is it aimed at any person or entity to whom it would be unlawful for them to access.
This communication has been prepared by Barclays Private Bank (Barclays) and references to Barclays includes any entity within the Barclays group of companies.
The communication is:
- not research nor a product of the Barclays Research department. Any views expressed in these materials may differ from those of the Barclays Research department. All opinions and estimates are given as of the date of the materials and are subject to change. Barclays is not obliged to inform recipients of these materials of any change to such opinions or estimates;
- not an offer, an invitation or a recommendation to enter into any product or service and does not constitute a solicitation to buy or sell securities, investment advice or a personal recommendation;
- confidential and no part may be reproduced, distributed or transmitted without the prior written permission of Barclays; and
- has not been reviewed or approved by any regulatory authority.
Any past or simulated past performance including back-testing, modelling or scenario analysis, or future projections contained in this communication is no indication as to future performance. No representation is made as to the accuracy of the assumptions made in this communication, or completeness of, any modelling, scenario analysis or back-testing. The value of any investment may also fluctuate as a result of market changes.
Where information in this communication has been obtained from third party sources, we believe those sources to be reliable but we do not guarantee the information’s accuracy and you should note that it may be incomplete or condensed.
Neither Barclays nor any of its directors, officers, employees, representatives or agents, accepts any liability whatsoever for any direct, indirect or consequential losses (in contract, tort or otherwise) arising from the use of this communication or its contents or reliance on the information contained herein, except to the extent this would be prohibited by law or regulation.