Have you ever entered a competition on a social media platform and been excited to be picked as the winner? This is what happened to a friend recently: he entered a competition online and later got a message saying he had won. Great news! Except it wasn’t. Unfortunately, he was caught up in a phishing scam: he had passed all his details to a fraudster and not to the legitimate company he thought he was messaging, meaning they took complete control of his bank account.
The scary thing is that this can happen to any of us. You can get an email or a message from a company you recognise and trust, and before you know it you have clicked on a link and filled out a survey or form. That gives the fraudsters everything they need to access your bank accounts, take over your apps and block you from getting access.
As you can see from the video, fraudsters are very clever in how they put a scam together. They can make it very tricky to tell whether a message is real or fake, and they can make a message look like it came from whoever they want it to. The example below of the webpage that was made is a real example of how confusing it can be for the victim.
As mentioned in the video, there are always some signs that you should be aware of when receiving emails and messages.
– Grammar and spelling errors – One of the easiest ways to spot a phishing email or message is if it contains poor spelling or grammar. Fraudsters intentionally add these into messages to filter for individuals who may be less observant or unable to recognise faults, which makes them an easier target.
– Domain Names, URLs and Email Addresses – Take time to look at these in detail. Fraudsters will often create spoof email addresses and URLs that look very similar to the real company's, so make sure you check them. In some cases fraudsters will simply add an extra letter which, at a glance, you may not spot! If the domain names aren’t correct, don’t click.
– Suspicious attachments and links – Be careful when receiving emails or messages with links and attachments, as these could contain a malicious URL or a trojan that could install a virus onto your PC. Legitimate organisations will not randomly send you emails with attachments; if they need to share a document, they will most likely direct you to their website to get it. To check a link before you click on it, hover over it with your mouse to see the URL.
– Panic and Urgent Action Threats – Fraudsters like to panic the recipient: it might be that if you don’t reply in the next hour you lose your prize, or that if you don’t message back you will get a penalty added. Keep calm if you see these messages. They want you to panic and enter your details, so it is always important to check the links and URLs and the grammar and spelling. If you are unsure, pick up the phone and call the legitimate organisation; they will be able to help or tell you if it is a scam.
– Sensitive Information Requests – Legitimate companies rarely ask customers to enter login details or other sensitive information through an email or text message. Scammers go to extreme lengths to reproduce emails and messages that would immediately look genuine to anyone looking at them. Once again, if you are unsure, call the correct company and check.
– Message Greeting – Fraudsters will use broad greetings such as “Dear Member” or “Dear Customer”. This is because they are generating thousands of messages to send out to possible victims. If you are signed up to a legitimate company, they will often personalise their communications. However, spear phishing attacks will normally be personalised, so always check for other signs.
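The domain check from the list above can also be done mechanically. The following is an added example, not part of the original article: it compares the host a link really points to against a short list of domains you trust and flags near-misses such as an extra letter. The domain names and the allow-list are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: domains the reader genuinely deals with.
TRUSTED = {"examplebank.test", "prizes.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # add cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def link_host(url: str) -> str:
    """Host the browser would contact; any 'name@' prefix is not the host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(url: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the link's real host."""
    host = link_host(url)
    if not host:
        return "unknown"
    # Exact match, or a genuine subdomain of a trusted domain.
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    for t in trusted:
        # One or two characters added, dropped or changed ("extra letter").
        if edit_distance(host, t) <= 2:
            return "lookalike"
        # Trusted brand name used as a label inside someone else's domain.
        if t.split(".")[0] in host.split("."):
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for link in ("https://www.examplebank.test/login",
                 "https://examplebannk.test/login",
                 "https://examplebank.test.login-check.example/verify",
                 "https://examplebank.test@203.0.113.5/win"):
        print(f"{classify(link):9}  {link_host(link):40}  {link}")
```

Anything other than "trusted" deserves the phone call described above. This sketch does not handle look-alike characters from other alphabets.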
The best form of protection against these phishing scams and fraudsters is education: being educated to look out for the signs, the dodgy URLs, the spelling and grammar, the panic and threats. If we can help pass this message on and make sure people think before they act, it will help prevent the fraudsters from getting hold of your details and information, and so stop them from gaining a foothold into your personal details and sometimes even bank accounts and banking apps.
CETSAT offer cyber security education and training, so please get in touch if you feel your company or organisation may benefit from this.