Training

Social engineering awareness campaign

by Mark Rowe

An awareness campaign about the dangers of ‘social engineering’ has been launched by the authorities. Briefly, the term covers deceptions used to manipulate people into a position where they can be defrauded.

The warning comes after figures issued by the National Fraud Intelligence Bureau showed a 21pc increase in such reported incidents in 12 months.

The campaign is being run by Get Safe Online, with Barclays, NatWest, Royal Bank of Scotland, Lloyds, Halifax, Bank of Scotland, City of London Police (COLP), and the trade bodies CIFAS and Financial Fraud Action UK (FFAUK).

Featuring TV advertising for the first time in Get Safe Online’s ten-year history, it urges people to ‘think twice before they act’ to stop more falling victim to social engineering scams, which can take a number of guises such as fake emails, phone calls, texts or posts. It frequently involves piecing together information from various sources such as social media and intercepted correspondence to appear convincing and trustworthy. The often complex nature of such attacks makes them difficult to spot before it is too late.

Get Safe Online’s own research found that over a quarter (26pc) of victims of online crime have been scammed by these types of social engineering emails or phone calls. In addition, over a fifth of people (22pc) said they are most concerned about this sort of crime. Action Fraud found that the reported incidents of phishing scams peaked on October 21 – the day of last year’s TalkTalk data breach. This highlights people’s increasing fear surrounding these kinds of attacks, particularly in light of this and the other high profile breaches that took place last year.

Most common types of scam

According to the research, the most popular angles and guises for phishing scams include pretending to be from BT, iTunes/Apple ID, HMRC, a lottery organiser, PayPal, a bank or Amazon. The most common relate to BT and iTunes. In terms of the most popular channels for phishing, email comes out top, accounting for over three quarters (77pc) of all reported incidents. This is followed by (the relatively old-fashioned) phone calls, which accounted for one in ten (12pc) incidents. The top five channels for social engineering scams are:

· Email
· Landline phone calls
· Text message
· Mobile phone call
· Post

The most common themes for phishing scams, in order, are:

· BT account update
· iTunes invoice
· HMRC tax refund scam
· Tesco vouchers, Apple ID, accident injury claim and other document attachment
· False invoice
· Itinerary attachment
· Suspended credit card account
· Suspended Tesco Bank account
· Sky services upgrade
· Blocked Barclaycard

More than a quarter (29pc) of all reported phishing emails contained a potentially malicious link which, when clicked, could deliver malware to a victim’s computer or request their personal details. Some 17pc of phishing emails requested a reply and a further 15pc requested personal information. Although emails with malicious links are decreasing, the authorities report, requests for money transfers are on the rise. This shows how the nature of these scams is constantly shifting, giving us more reason to think twice before we act, the authorities add.

Tony Neate, Get Safe Online’s Chief Executive said: “Social engineering is becoming ever more targeted and personal, which is why it’s no surprise that the number of cases is on the rise. What’s worrying, however, is the complex nature of these scams and how they tap perfectly into feelings that make us panic – if we get an email purporting to come from someone we trust (such as our bank) about something that is emotive to us all (money) and then demand that we act urgently, it’s almost like the perfect storm. That’s why we’re so pleased to be teaming up with the banks, City of London Police, CIFAS and FFAUK to encourage people to think twice before they act and not to let panic override common sense.

“We also advise that people make sure they have strong passwords or PINs to secure devices, as well as making sure all software and apps are up-to-date. If you do have suspicions regarding an approach, it’s always better to be safe than sorry, so trust your instincts and double-check the person is who they say they are before handing over any information. This way, we can stay one step ahead and stop more people from falling prey to an online criminal.”

Commander Chris Greany from the City of London Police said: “Social engineering is increasingly being used by criminals to prey on people’s personal and financial information. Almost everyone is able to identify a time when they have received correspondence from someone, whether it be by email, post or on a phone call, who is looking to convince them to part with their details. Fraudsters are using ever more sophisticated methods to gain personal information and these types of attempts have often left victims penniless.

“We urge everyone who receives unsolicited phone calls, texts, emails or letters to ignore them and never enter into conversation with someone that you don’t know online or over the phone. If you’re contacted in this way, it is likely that you’re being targeted by a fraudster who is simply looking for ways to exploit your personal and financial details.”

If you are a victim of a scam

· If you have been a victim of banking fraud or spot irregular activity on your account, contact your bank immediately as there will be more chance that your losses may be recovered.

· It’s important to report any fraud to Action Fraud, the UK’s national fraud reporting centre by calling 0300 123 20 40 or by visiting www.actionfraud.police.uk.

Comment

Raj Samani, CTO for Intel Security EMEA, said: “It’s extremely concerning to hear that the number of phishing victims has risen by 21pc. Yet, sadly it isn’t all too surprising. In fact, recent research from Intel Security exposed price points for stolen data bought and sold in cybercriminal marketplaces, finding the average estimated price for stolen credit and debit cards is $20 to $35 in the UK alone – cyber criminals are becoming increasingly savvy and it’s important consumers understand this threat is very much a reality.

“Brits must be wary of unexpected emails, even if they are cited as being from a brand they are familiar with. Think twice before acting, calling up your bank directly if you’re concerned about anything before taking action. We have to make sure we stay one step ahead of the cyber criminals and caution is the best way forward here.”

Findings

New figures from Action Fraud show that the number of phishing scams reported between November 2014 and October 2015 totalled 95,556. This represents a 21pc increase over the same period the previous year.

The data consists of phishing reports made to Action Fraud from November 2014 to October 2015 by members of the public. Reports made via the ASOV tool consist only of those instances of phishing where someone has been approached with a scam message (via email, text or phone) but has not suffered a financial loss as a result of it or has not exposed their personal details to a scammer.

© 2024 Professional Security Magazine. All rights reserved.