How to protect yourself from email scams and stay safe online
What is cyber security and why is it so important?
Cyber security is about protecting yourself online. You might think “I’m not very interesting” or “I’m not very rich, so no-one would bother stealing my identity”, but cyber criminals and hackers don’t think like that! Even if a scammer only gets a few pounds from each person they manage to con, multiplied across all their victims they will be stinking rich.
Here’s a bit about the different types of cyber crimes and how to protect yourself against them.
Phishing is an online scam in which someone uses e-mail or malicious websites to obtain personal or confidential information. The attacker sends an email that looks real, usually with a link or an attachment. Clicking the link can take you to a fake site that looks and feels like the original. The site may ask you to confirm your identity and enter confidential information such as your password or bank details. It may also install malware on your computer.
Any attachment you open would probably carry a virus or malware as well. Malware is software that’s built to be malicious (hence the name). It is designed to make its way onto your device, i.e. your desktop, phone or tablet, and to manipulate and/or damage it. On top of that, malware can also record and steal your information, such as credit card details.
Things to look out for include:
- A sense of urgency e.g. “Your account will be closed if you do not act immediately”.
- A generic, non-personalised greeting e.g. “Dear customer” or “Dear *******@hotmail.com”
- A request for personal information such as a username or password, e.g. “To confirm you are Mr Smith, please reply with your username and password”.
- Some phishing emails actually warn you of a virus and invite you to click on a link to protect yourself. e.g. “We have been made aware of a dangerous new virus – the Bob Virus. Click here to protect your computer NOW.”
- Fear – They use it to get you to try the link or attachment. No-one wants to be charged for something they have not bought, so when you see an email saying a purchase has been made on your account, the instinct is to panic and want to sort it out. They might have sent an attachment saying “if you did not make this transaction, please download our refund form” or “If you did not place this order please click here” and there might be a link to click.
- Hovering over the link reveals the website to which it is pointing – does it look unusual? e.g.
Some of the most commonly “spoofed” or faked emails appear to come from Amazon, HMRC, iTunes (or Apple), eBay and PayPal. It is worth always double checking emails from them in particular.
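As an added example that is not part of the original article, here is a small Python script that applies the checklist above to a constructed sample email: it flags urgency wording, a generic greeting, a request for credentials, and links whose visible text does not match where they actually point (the “hover over the link” check). The message text and domain names are made up.

```python
# Added example, not from the article: applies its phishing checklist to a
# constructed HTML email. Flags urgency wording, a generic greeting, a request
# for credentials, and links whose visible text points elsewhere than the href.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
URGENCY = ("act immediately", "account will be closed", "within 24 hours", "urgent")
GENERIC = ("dear customer", "dear user", "dear member")
CREDENTIALS = ("username and password", "your password", "bank details", "card details")

class LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs for every <a> in the body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain_of(s):
    """Last two labels of a URL's host, so www.paypal.com -> paypal.com."""
    if "://" not in s:
        s = "http://" + s
    return ".".join((urlparse(s).hostname or "").lower().split(".")[-2:])

def phishing_indicators(html_body):
    """Return the checklist items this email trips (empty list = none found)."""
    text = re.sub(r"<[^>]+>", " ", html_body).lower()
    found = []
    if any(p in text for p in URGENCY):
        found.append("urgency")
    if any(g in text for g in GENERIC):
        found.append("generic greeting")
    if any(c in text for c in CREDENTIALS):
        found.append("asks for credentials")
    parser = LinkCollector()
    parser.feed(html_body)
    for href, visible in parser.links:
        # "Hover" check: visible text names one site, href goes to another domain.
        if re.search(r"\w[\w-]*\.[a-z]{2,}", visible, re.I) and domain_of(href) != domain_of(visible):
            found.append(f"link text '{visible}' points to {domain_of(href)}")
    return found

# Constructed sample in the style the article describes (all names made up).
SAMPLE = ('<p>Dear customer,</p><p>A purchase has been made on your account. If you '
          'did not place this order, act immediately or your account will be closed.</p>'
          '<p><a href="http://secure-login.example-fraud.test/refund">www.paypal.com/refund</a></p>')
```

Running `phishing_indicators(SAMPLE)` reports the urgency wording, the generic greeting and that the link labelled as PayPal actually points at example-fraud.test.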
Hacking is an attempt by someone to remotely access your personal computer or your company’s IT system, often using widely available tools and known IT system vulnerabilities. Hackers target online services and IT systems, and try to steal, corrupt or destroy information. Hackers attack IT systems and online services usually for financial gain or to break the security on a secure website for kudos.
Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. The telephone is the most common channel for social engineering. One of the most common methods is to pretend to be some sort of support team, telling you that you have a technical issue, or that you will have one unless you perform a specific action. They will ask for username and password details so that they can log in to your computer and access systems and files.
It exploits elements of human nature such as fear of loss, being protective, wishing to be helpful, or obliging others.
If you receive a phone call requesting confidential information, ask for the person’s name and call them back on a previously confirmed number e.g. the number on a bank statement or a legitimate website. Remember: a bank or other reputable organisation will NEVER ask you for your password via email or a phone call.
Did you know?
- £27bn is the annual cost of cyber crime to the UK economy.
- Online crime makes more money than the illegal drugs trade in the UK.
What can I do to protect myself?
A reminder on passwords
- Never use common things e.g. the name of your spouse or your date of birth
- Never share it with anyone
- Never write it down
- Try not to use the same password for different accounts
- Never tell anyone over the phone – if someone asks, this should raise alarm bells!
- Always use a complex passphrase with numbers, upper/lower case and special characters (~#!"£$%^&*)
- Stick with passwords that are at least 8 characters long
Tip: Use a phrase, famous saying or even a song lyric that is memorable for you e.g. 1SmallStep*
Example: What about abbreviating a memorable line from a film or TV show and adding a favourite number to the end?
‘I Ross take thee Rachel’ becomes ‘IRttR’
Add your memorable year (1999) to the end and replace a number with a special character and it becomes:
Think carefully when entering personal or financial information over the internet.
Look for a padlock and https:// within the website address and NEVER enter personal or sensitive information into a website that only has http:// (without the ‘s’ at the end)
If you feel even slightly suspicious about an email – just delete it. If it is from a real company who needs to contact you – they will try again, and probably even have other methods to contact you (phone or letter in the post for example). You should definitely ignore anything that asks you to click a link or open a file.
You can always check on the website of the company the email is claiming to be from. Don’t get there through a link in the email – search from Google or a similar search engine and find out what that company says about what they would and wouldn’t say in an email. There may even be a mechanism for reporting fake emails. The more you can do this, the more chance there is of getting these shut down. A company won’t mind if you report a suspicious email and it turns out it was from them – like me, they would rather that you erred on the side of caution.
What else can you do to protect your identity?
- Do not throw sensitive information in a bin – shred it
- Lock computers and devices when away from them
- Always check a cash machine hasn’t been tampered with before using it
- Always shield your PIN at cash machines or when making a purchase
- If possible get expensive parcels and packages or documents delivered to somewhere where you know someone will be available (e.g. a receptionist at work or a relative who doesn’t work during the day).
- Never transfer money to someone you have never met. This particularly applies to online dating.