- Security TWENTY
- Women in Security Awards
More than eight in ten (82pc) said they had received a suspicious message, whether a text, recorded message or live phone call to a landline or mobile, according to research by the UK telecoms regulator, Ofcom. This represents an estimated 44.6 million adults in the UK, says Ofcom, after its survey of 2,000 adults in the UK in mid-September. It warns of a rise in scam calls and texts over the last 18 months; that is, since the covid pandemic. The tactics used by fraudsters are becoming increasingly sophisticated, which include using multiple communication channels and spoofing well-known companies.
Scams are more commonly attempted via text messages with seven in ten (71pc) saying they have received a suspicious text, and three quarters (75pc) of those aged 16-34 were targeted. More than four in ten (44pc) who had received a suspicious text message reported receiving such a message at least once a week.
Suspicious calls continue to be a threat for landline users, with older people particularly susceptible, Ofcom suggests. Three in five (61pc) people aged 75 and over reported receiving a potential scam call to their landline. More than half (53pc) of respondents who received a suspicious live phone call on a landline over the last three months said that they got a call at least once a week. And four in 10 (43pc) reported getting a suspect call to their mobile phone.
More than half of people who received a suspicious text either deleted the message (53pc) or blocked the number (52pc). Almost half (49pc) of those who received a suspicious live voice call, and more than four in ten (44pc) who received a suspicious recorded message, blocked the number. But, in the last three months alone, 2pc reported following the scammers’ instructions in a message or call. This equates to almost a million people.
The research also suggested that almost eight in ten (79pc) mobile phone users are not aware of the 7726 number used to report a suspected text or call – although a similar figure (81pc) agreed that reporting messages is helpful in preventing people being scammed.
Lindsey Fussell, Ofcom’s Networks and Communications Group Director, said: “Criminals who defraud people using phone and text scams can cause huge distress and financial harm to their victims, and their tactics are becoming increasingly sophisticated. Stay alert to any unsolicited contact. Put the phone down if you have any suspicion that it is a scam call, and don’t click on any links in text messages you’re unsure about. Report texts to 7726 and scam calls to Action Fraud or Police Scotland.”
For more Ofcom advice on protecting yourself from scams calls and texts visit https://www.ofcom.org.uk/.
What is 7726?
7726 is a number used by the major mobile phone companies to allow their customers to report unwanted texts; chosen because 7726 spells ‘SPAM’ on an alphanumeric phone keypad.
Raj Samani, pictured, Chief Scientist and McAfee Enterprise fellow, called it a stark reminder that cybercriminals are resourceful; continually expanding their tactics and target groups. He said: “As well as posing a threat to individuals across the country, these ongoing scams also intensify the threat for businesses. Many employees today are accessing work files and information across both corporate and personal devices, meaning that while criminals could be targeting an individual, the goal could be accessing sensitive enterprise information.
“Businesses need to educate their workforce on best practices, such as reporting any suspicious activity, questioning whether a link is dodgy, or thinking before accepting an unknown phone call. Employees must be aware of, and vigilant against, threats to avoid making it too easy for criminals to cash in on both personal and company data.
“It is also crucial that organisations deploy the necessary security protections across their enterprise. For example, they should look to adopt a Zero Trust mindset that can help them maintain control over access to the network and all instances within it, such as applications and data, and restrict them if necessary. By taking these measures, organisations can rest easy knowing that they have taken the correct steps to protect themselves and their workforce from cyber-led scams.”
Carl Wearn head of e-crime at Mimecast said:
“It is positive to see the government set up a task force to fight the growing problem of online scams. There are a range of actions that could be taken, and any success should be judged against actions taken. Cybercriminals are increasingly looking to take advantage of the trust people have in brands to trick them into sharing personal information. Mimecast’s recent Brand Trust report found that 43pc of UK companies say the misuse of their brand in phishing emails increased over the last 12 months and 19pc of Brits say they receive a phishing email every single day. This is a problem that isn’t going away and more needs to be done to prevent the public falling for these scams, with 24pc of Brits surveyed thinking it is likely they will open a phishing email in the next 12 months.
“Brands must also do more to prevent their brand being exploited, or risk losing customers. Our research found that 73pc of UK consumers said it’s the brand’s responsibility to protect itself from fake versions of its website and 62pc said it’s the brand’s responsibility to protect itself from email impersonation. It is clear that consumers see it as the brand’s responsibility and are willing to vote with their wallets if they fall victim to a brand impersonation attack. To prevent this, organisations can use technology such as Domain-based Message Authentication, Reporting and Conformance (DMARC), which allows brands with an online presence to detect and reject any unauthorised sender who attempts to use a brand’s email domain.”
And Steve Bradford, Senior Vice President EMEA, SailPoint said: “This comes as more businesses use SMS to engage with customers, to accommodate the digital-first mindset that now characterises many consumers. But this also opens the doors to threat actors able to masquerade as popular websites or customer service support.
“Consumers must be extra vigilant and refrain from clicking any links in text messages that they’re unsure about. It’s also crucial they are keeping their data, identities and banking information safe – for example, by not taking pictures of their credit card and financial information, since photos often get stored in the cloud, which risks potential exposure to malicious actors.
“Organisations should care too, since new channels mean exposure to new vulnerabilities – and the potential for a breach to severely damage consumer trust and brand loyalty. To reduce the risk of scams, businesses must implement multiple security controls – this should be standard best practice for cyber security.”