Articles

Protect yourself against phishing scams

7 minutes

Scammers will go to any lengths to trick you into handing over your personal data. We take a look at how to protect yourself.

Be on the lookout for scammers attempting to trick you into handing over personal data

  • What is a phishing scam?
  • What to look out for
  • How to report a scam

Phishing scams are attacks that use email, phone or text to entice individuals into providing personal or sensitive information.

This can range from passwords, bank card information and bank account details about a person or organisation.

Attackers will pose as legitimate representatives to gain this information, which is then used to access accounts or systems. This often leads to identity theft or significant financial loss.

These attacks are increasing all the time and hackers are becoming more sophisticated in finding new ways to target people.

Data from the Office for National Statistics (ONS)* shows there has been a general rise in fraud, with a 25% rise on pre-pandemic levels with around 4.5million offences between March 2021 and March 2022. Almost two thirds of these were flagged as cyber-related.

It is likely these figures will have increased as the cost of living crisis has now taken hold.

Attackers will exploit significant current events - for example Black Friday, the FIFA World Cup and the rise in living costs - to target their victims.

Here we take a closer look at some examples.

FIFA World Cup

Scammers often take advantage of large events such as sports tournaments or concerts. The World Cup is a huge global event, which attracts millions of fans from all over the world.

Posing as officials from the 2022 World Cup Committee, scammers sent emails and texts claiming the recipient had won a cash prize, ticket or hospitality package to watch a match in person. The real intention however, was to get the recipient to disclose their personal data or to unwittingly install software on their device so they can steal personal information.

The message may have come complete with the name of a contact person who would supposedly help them claim the prize. The scammer would then state that before any winnings could be claimed there would be a fee to be paid.

Once the payment was completed, the scammers accomplished their objectives - they'd stolen both money and personal information.

Some tips to remember:

  • Don't pay someone in order to receive a prize. Advance fee schemes are a way of stealing your money.
  • Don't click on links or attachments in emails or other messages unless you're sure they're legitimate, especially if the messages are unsolicited and request your personal data.

Cost of living crisis

Be wary of texts and emails around the cost of living crisis. There have already been reports in the media about SMS text messages and emails being sent from spoofed ‘Gov.org’ or Ofgem addresses asking people to ‘apply for' or 'claim' cost of living payments. 

The legitimate rebate will be paid directly to energy suppliers by the Government and can only be accessed as a reduction to your energy bills over a six-month period starting from October 2022.

If you do receive any text messages or emails, remember:

  • You do not need to apply for the payment.
  • You do not need to call anyone to request it.
  • The payment will be received automatically via your energy bills.
  • The Government or your energy supplier will never ask for personal details by SMS or email.

Cloned social media accounts

Social media users are being warned of a worrying rise in scammers stealing photos so they can create duplicate, fake versions of a profile page.

In October 2022 the number of Google searches for "what to do when an Instagram account is cloned" increased by a massive 336%**.

It can lead to friends, family and followers being tricked into thinking they're visiting a real Instagram or Facebook page and even directly messaging a scammer.

This can result in someone you know sending a criminal sensitive or confidential information that invades their privacy. Not only that, but if a victim believes they're chatting with someone they know on social media it can lead to them being more open to scams, for instance if they're asked to transfer money over to someone they think they know.

Besides monetary loss, fake social media pages can also lead to catfishing and a breach of privacy if personal messages or photos are shared.

If you suspect your social media account has been hacked here's what you should do:

  • Inform your friends, family and contacts immediately and advise them not to engage with the fake page whatsoever.
  • Report the account to ensure it is shut down as soon as possible and ask your friends and family to also report the scam account.

How to report scams

There are many ways to report scams and it is important to do so.

Facebook: select the three dots on the top right-hand corner of the advert of post and select ‘Report ad’ or 'Report post' before pressing ‘Misleading or scam’.

Websites: report a suspicious website to the NCSC (National Cyber Security Centre).

Emails: forward scam emails to [email protected] You can also select the ‘Report Spam’ button on Gmail, the ‘Report phishing’ button on Hotmail or Outlook and send scam emails to [email protected] on a Yahoo account.

Text messages: forward scam texts to 7726, a free reporting service provided by telecoms companies.

Phone calls: you can also report scam calls via your mobile phone by to 7726. Learn more at Ofcom.org

Your bank, or any official source, will never ask you to supply personal information via email or text message.

It only takes one click on a malicious link to cause real harm to an individual or organisation. It’s always better to be safe than sorry.

Learn more about how we fight financial crime and how to protect yourself

Data sources

*Office for National Statistics
** Express - Has your Instagram been cloned?