This week, Get Safe Online in partnership with Barclays, NatWest, Royal Bank of Scotland, Lloyds, Halifax, Bank of Scotland, City of London Police (COLP), Action Fraud, Cifas and Financial Fraud Action UK (FFAUK) has launched a new advertising campaign warning the UK public about the dangers of ‘social engineering’ as reported figures from the National Fraud Intelligence Bureau show incidents have risen by 21% in 12 months. Get Safe Online, along with its partners, is urging people to ‘Think Twice Before You Act’ to stop more people falling victim to social engineering fraud.
Social engineering is an extremely targeted type of scam where fraudsters manipulate their victims into sharing confidential information. This can happen through fake emails, phone calls, texts or posts (and even leaving a malware-infected USB stick lying around), and frequently involves piecing together information from various sources such as social media and intercepted correspondence to appear convincing and trustworthy. The often complex nature of the attack makes it extremely difficult to spot a scam before it is too late.
Social engineering on the rise
There’s no doubt that cybercriminals have become more and more sophisticated in their attacks, and this is particularly evident in new figures from Action Fraud, which show that the number of phishing scams reported between November 2014 and October 2015 totalled 95,556. This represents a 21% increase over the same period the previous year.
This is further supported by research from Get Safe Online, revealing that over a quarter (26%) of victims of online crime have been scammed by these types of social engineering emails or phone calls. In addition, over a fifth of people (22%) said they are most concerned about this sort of online crime.
Interestingly, the research from Action Fraud found that the reported incidents of phishing scams peaked on 21st October – the day of the TalkTalk data breach. This highlights people’s increasing fear surrounding these kinds of attacks, particularly in light of this and the other high profile breaches that took place last year.
The top five channels for social engineering scams are:
- Landline phone calls
- Text message
- Mobile phone call
Top themes for phishing scams
- BT account update
- iTunes invoice
- HMRC tax refund scam
- Tesco vouchers, Apple ID, accident injury claim and other
- Document attachment
- False invoice
- Itinerary attachment
- Suspended credit card account
- Suspended Tesco Bank account
- Sky services upgrade
- Blocked Barclaycard
Commander Chris Greany from the City of London Police said: “Social engineering is increasingly being used by criminals to prey on people’s personal and financial information. Almost everyone is able to identify a time when they have received correspondence from someone, whether it be by email, post or on a phone call, who is looking to convince them to part with their details. Fraudsters are using ever more sophisticated methods to gain personal information and these types of attempts have often left victims penniless.
“We urge everyone who receives unsolicited phone calls, texts, emails or letters to ignore them and never enter into conversation with someone that you don’t know online or over the phone. If you’re contacted in this way, it is likely that you’re being targeted by a fraudster who is simply looking for ways to exploit your personal and financial details”.
Follow these simple tips to protect yourself
- Never give out personal or financial data including usernames, passwords, PINs, ID numbers or memorable phrases.
- Be very careful that people or organisations who you are supplying payment card or other confidential information to are genuine, and even then, never reveal passwords. A bank, HMRC, retailer or other reputable organisation will never ask you for your password, PIN or memorable information via email, phone call or any other means.
- If you are asked by a caller to cut off the call and phone your bank or card provider, call the number you know to be correct. However, be sure to use a different phone from the one you received the call on, or leave it for five minutes before you make the call, in case the caller’s number has been spoofed or the line left open.
- Never click on email attachments from unknown sources as they could well contain malware. Delete them, and take the details to report if appropriate.
- Do not click on links in emails from senders you do not know. Instead, roll your mouse pointer or finger over the link to reveal the actual sender. If different, it is probably a scam. Even if you get an email that seems to come from someone you might know – but it seems irregular or out of character – the sender may be a fraudster who has hacked into their email or spoofed their address. If in doubt, call (but do not email) the sender.
- Do not attach external storage devices like USB sticks or hard drives – or insert CD-ROMs/DVD-ROMs into your computer – if uncertain of the source. This is a favourite way for fraudsters to spread malware.
To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.
You can now also sign up for free to Action Fraud Alert to receive direct, verified, accurate information about scams and fraud in your area by email, recorded voice and text message.