New data released by Action Fraud and the National Fraud Intelligence Bureau (which are both run by the City of London Police) shows that, increasingly, fraudsters are using phishing as a means to defraud people across the UK. Last year (January-December 2015), the Fraud and Cyber Crime Reporting Centre received an average of 8,000 reports per month, with 96,699 people reporting that they had received a phishing scam e-mail.
Phishing is the attempt to acquire sensitive information, for example usernames, passwords and credit card details or steal money by masquerading as a trustworthy entity in an electronic communication such as e-mail, a pop-up message, a phone call or a text message.
More than 68% of people who reported a phishing scam said that they received it in the form of an e-mail. This compares to 12.5% of people who said they were contacted by phone, 8.9% who said that they received a text message and the rest saying they were contacted in another way.
Hooking the victims
Fraudsters use phishing as a means to hook victims into their scams. They’re well practised in making these as convincing as possible. According to a recent report by Verizon , it takes cyber criminals just 82 seconds to ensnare the average victim in a phishing scam and, in most cases, 23% of people will open a phishing e-mail.
In the month of December, the most common phishing scam purported to be either from a bank or from HMRC followed by online payment merchants and utility companies.
In one month, 31% of all phishing scams reported to Action Fraud contained a potentially malicious hyper link, which upon clicking could install malware on the victim’s computer or phone or trick them into providing sensitive information.
Top e-mail addresses reported
Analysis of reports made to Action Fraud reveals that phishing e-mails used specific subject headings as a means to ensure that the reader would feel compelled to open them. The most common message title for phishing e-mails is ‘Attention’ followed by other titles such as ‘Your account has been revoked’, ‘Hello’ and ‘Important Notification’.
The top e-mail addresses that people reported to have received e-mails from were Do-Notemail@example.com, firstname.lastname@example.org and PQ8MPY@m.apple.com.
Steve Proffitt, the deputy head of Action Fraud, said: “The new figures show that phishing is a problem which isn’t going away. It’s a means for fraudsters to test the water with potential victims and see how many people they can hook into a scam. For the fraudsters, it’s a low risk way of casting their net and seeing what they can catch. If their e-mails are convincing enough they can yield high returns. People can easily be persuaded into parting with money or to click on links which then infect their computer with malicious software.”
Proffitt continued: “In order to avoid becoming a victim, we urge people to be cautious when opening e-mails and ask them to follow our protection advice in order to make it as difficult as possible for fraudsters who are simply looking for their next victim.”.
Behaviours that place you at risk:
*Opening attachments, or clinking on links within e-mails that are unsolicited or unexpected
*Responding to e-mails that ask for your personal or financial details
*Logging in to a web page that you have arrived at via a link in an email
How to protect yourself:
*Don’t open attachments or click on the links within any unsolicited e-mails you receive, and never respond to e-mails that ask for your personal or financial details. Remember, you can hover over a link to see where it will really take you
*An e-mail address can be spoofed, so even if the e-mail appears to be from a person or a company you know of, but the message is unexpected or otherwise unusual, contact the sender directly via another method to confirm that they sent you the e-mail
*If you receive an e-mail which asks you to log in to an online account, for example due to suspicious activity on your account, instead of clicking on the link provided in the e-mail go directly to the website