Radcliffe Blog

Phishing attacks: defending your data

April 22, 2024

How to defend your data from email phishing attacks

What is phishing?

‘Phishing’ is when criminals use scam emails, text messages or phone calls to trick their victims. The aim is often to make you visit a website, which may download a virus onto your computer, or steal bank details or other personal information.

Phishing emails can be sent to anyone. You might get caught up in a mass campaign (where emails are sent indiscriminately to millions of inboxes), or it could be the first step in a targeted attack.

In these targeted campaigns, the attacker uses information about you (which may be found online) to make their messages even more persuasive and realistic. This is usually referred to as spear phishing.

According to the National Cyber Security Centre (NCSC), as of January 2024, the number of phishing reports received stands at more than 29m reported scams, which has resulted in 168k scams being removed across 306,400 websites.

Spot and report scam emails, texts, websites and calls

How to recognise and report emails, texts, websites, adverts or phone calls that you think are trying to scam you.

Recognise the signs someone is trying to scam you, and learn how to check if a message you have received is genuine.

Recognising online scams

Cyber criminals may contact you via email, text, phone call or via social media. They will often pretend to be someone (or an organisation) you trust.

It used to be easier to spot scams. They often contained bad spelling or grammar, came from an unusual email address, or featured imagery or design that felt ‘off’. But scams are getting smarter and some even fool the experts.

Criminals are increasingly using QR codes within phishing emails to trick users into visiting scam websites. QR codes are usually safe to use in pubs and restaurants, but you should be wary of scanning QR codes within emails.

How to spot scam messages or calls

Scammers try to quickly gain your trust. They aim to pressure you into acting without thinking.

If a message or call makes you suspicious… stop, break the contact, and consider the language it uses. Scams often feature one or more of these tell-tale signs.

1. Authority

Is the message claiming to be from someone official? For example, your bank, doctor, a solicitor, or a government department. Criminals often pretend to be important people or organisations to trick you into doing what they want.

2. Urgency

Are you told you have a limited time to respond (such as ‘within 24 hours’ or ‘immediately’)? Criminals often threaten you with fines or other negative consequences.

3. Emotion

Does the message make you panic, or feel fearful, hopeful, or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.

4. Scarcity

Is the message offering something in short supply, like concert tickets, money or a cure for medical conditions? Fear of missing out on a good deal or opportunity can make you respond quickly.

5. Current events

Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like tax reporting) to make their scam seem more relevant to you.

How to check if a message is genuine

If you have any doubts about a message, contact the organisation directly. Do not use the numbers or address in the message – use the details from their official website.

Remember, your bank (or any other official source) will never ask you to supply personal information via email, or call and ask you to confirm your bank account details.

If you suspect someone is not who they claim to be, hang up and contact the organisation directly. If you have paper statements or a credit card from the organisation, official contact details are often written on them.

Source: https://www.ncsc.gov.uk/guidance/phishing