What is phishing and how does it work?
You wouldn’t let a thief enter your home, but what if the thief was masquerading as someone familiar, such as a postman, and tricked you into opening the door? Phishing works in a similar way – people open the doors to their personal data, giving up login details, passwords or even payment details to malicious e-mails, links or websites designed to look like they’re authentic. That information can then be used to commit fraud and cyber crime.
Holy Mackerel – Phishing is a huge problem
Phishing attacks are a common security challenge that both individuals and companies across the UK face on a regular basis. Verizon’s 2018 ‘Data Breach Investigations Report’ showed that more than 90% of all malware is still delivered to victims via email. Between April 2018 and March 2019, social media and email account compromises were the most reported form of cyber crime to Action Fraud with victims losing a combined total of £19m – our analysis shows that phishing emails were a common enabler for these compromises. That’s why on National Fish and Chip Day (7th June) City of London Police’s Cyber Protect team worked alongside police forces across the UK, Government departments and industry partners to deliver a national campaign on how people can protect themselves from phishing.
Beat scam calls and messages – here’s how.
Some of the most reported scams to Action Fraud start with an unsolicited text, email or call. From emails and text messages asking you to “verify” account details to cold callers claiming to be from your bank, the goal of a phishing attack is usually the same, to trick you into revealing personal and financial information.
Criminals are constantly evolving the tactics they use to carry out these phishing attacks, which is why it’s sometimes difficult for people to know what to look out for. We’ve got some simple advice that can help you protect yourself from most of the common attacks – don’t click on the links or attachments in suspicious emails, and never respond to unsolicited messages and calls that ask for your personal or financial details. It’s as simple as that. If you think the communication might be genuine, then contact the company directly using contact details you know to be correct, such as the phone number on official correspondence, and never the contact information provided in the message.