“8,000 reports of phishing scams received every month” states Action Fraud

New data released by Action Fraud and the National Fraud Intelligence Bureau (which are both run by the City of London Police) shows that, increasingly, fraudsters are using phishing as a means to defraud people across the UK. Last year (January-December 2015), the Fraud and Cyber Crime Reporting Centre received an average of 8,000 reports per month, with 96,699 people reporting that they had received a phishing scam e-mail.

Phishing is the attempt to acquire sensitive information, for example usernames, passwords and credit card details or steal money by masquerading as a trustworthy entity in an electronic communication such as e-mail, a pop-up message, a phone call or a text message.

More than 68% of people who reported a phishing scam said that they received it in the form of an e-mail. This compares to 12.5% of people who said they were contacted by phone, 8.9% who said that they received a text message and the rest saying they were contacted in another way.

Hooking the victims

Fraudsters use phishing as a means to hook victims into their scams. They’re well practised in making these as convincing as possible. According to a recent report by Verizon , it takes cyber criminals just 82 seconds to ensnare the average victim in a phishing scam and, in most cases, 23% of people will open a phishing e-mail.

In the month of December, the most common phishing scam purported to be either from a bank or from HMRC followed by online payment merchants and utility companies.

In one month, 31% of all phishing scams reported to Action Fraud contained a potentially malicious hyper link, which upon clicking could install malware on the victim’s computer or phone or trick them into providing sensitive information.

Top e-mail addresses reported

Analysis of reports made to Action Fraud reveals that phishing e-mails used specific subject headings as a means to ensure that the reader would feel compelled to open them. The most common message title for phishing e-mails is ‘Attention’ followed by other titles such as ‘Your account has been revoked’, ‘Hello’ and ‘Important Notification’.

The top e-mail addresses that people reported to have received e-mails from were Do-Not-reply@amazon.co.uk, bt.athome@ecomm.bt.com and PQ8MPY@m.apple.com.

Steve Proffitt, the deputy head of Action Fraud, said: “The new figures show that phishing is a problem which isn’t going away. It’s a means for fraudsters to test the water with potential victims and see how many people they can hook into a scam. For the fraudsters, it’s a low risk way of casting their net and seeing what they can catch. If their e-mails are convincing enough they can yield high returns. People can easily be persuaded into parting with money or to click on links which then infect their computer with malicious software.”

Proffitt continued: “In order to avoid becoming a victim, we urge people to be cautious when opening e-mails and ask them to follow our protection advice in order to make it as difficult as possible for fraudsters who are simply looking for their next victim.”.

Behaviours that place you at risk:

*Opening attachments, or clinking on links within e-mails that are unsolicited or unexpected

*Responding to e-mails that ask for your personal or financial details

*Logging in to a web page that you have arrived at via a link in an email

How to protect yourself:

*Don’t open attachments or click on the links within any unsolicited e-mails you receive, and never respond to e-mails that ask for your personal or financial details. Remember, you can hover over a link to see where it will really take you

*An e-mail address can be spoofed, so even if the e-mail appears to be from a person or a company you know of, but the message is unexpected or otherwise unusual, contact the sender directly via another method to confirm that they sent you the e-mail

*If you receive an e-mail which asks you to log in to an online account, for example due to suspicious activity on your account, instead of clicking on the link provided in the e-mail go directly to the website

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts