One in five Britons has been a victim of a phishing attack; that’s according to new research from an email and cloud services provider. GMX (Global Message Exchange) has warned British consumers to beware of phishing attacks during the Christmas season as the volume of both legitimate and fraudulent ecommerce and parcel service email increases.
Cybercriminals adapt their methods to suit the time of year, says the internet service. For example, they counterfeit emails from parcel suppliers that link to malware instead of tracking and tracing links. The fraudsters’ chances of success are higher than usual, because parcel services send millions more messages for tracking and tracing at the end of the year. Anyone expecting a package when they receive a convincing phishing mail is therefore particularly at risk, the firm says.
Jan Oetjen, CEO of GMX says: “During the festive period not only does the number of phishing scams increase, but also the quality. Cybercriminals are highly professional and manage to copy invoices or newsletters so well that they can hardly be differentiated from the original. Therefore, users should keep an eye on their mailbox with increased attention.”
Half of Britons delete phishing emails immediately when they see them, however, experts recommend marking the offending message as junk mail in order to train spam filters and help protect other internet users. 24 per cent already do this, while 2 per cent of the respondents said they open phishing mails out of curiosity – putting their data and online safety at risk, the company says.
If you suspect an email from a trustworthy company may be fraudulent, it is better to manually enter the company’s internet address in your browser instead of clicking any links directly from the email message. According to the survey, 26 per cent of the British follow this advice. To avoid being a victim of phishing, the internet company offers should advice:
– users should ask themselves whether they are involved in any current transactions with the suspected sender. For example, did you really shop at the named online store? If the answer is no, the email should be marked as spam immediately. When in doubt, if you – for example – receive an email with a payment request, you should contact the company named as the sender directly through channels other than this email message.
– an important indication of the authenticity of an email is the sender’s email address. This is suspicious if the domain (i. e. the part after the @ sign) does not match the actual sender – for example, the name of an online shop. If this is the case, the mail should be flagged as spam.
– banks generally do not request personal data such as PIN or transaction numbers from their customers via email. Such requests should therefore be ignored.
Check your online accounts and bank statements on a regular basis to make sure that no unauthorised transactions have been made.
A further clue is the greeting. Most companies address their customers by name. Many phishing emails still are mass emails, often without a personalised greeting.
About the study
Some 1101 people in Great Britain were surveyed between November 6 and 13, 2017. Results are representative of the British population 18-plus.
