Wayne Harris, Compliance Officer at ITCS shares his monthly IT security blog – this month, he talks about fraud and phishing attacks.
As the festive season approaches rapidly, we see an increase in cyber-crime, phishing attacks and fraud attempts. I’m sure we have all read about or seen these attack emails, and believe that we would not fall for them, but beware, they are becoming more and more complex and plausible.
A common attack at this time of year is a phishing email masquerading as an email from a supplier such as Amazon, or as a delivery tracking email. As our shopping habits change to online services, it opens up an opportunity for criminals to gain your trust; after all, you have probably just ordered goods from one of these suppliers or used your PayPal account, haven’t you? These attacks may be trying to gain access to your bank account or credit card details, or using these emails and links to deliver a virus or Trojan, such as ransomware, on to your systems.
Here are a few tips to avoid falling for these scams:
- Make sure the website you are ordering from is legitimate. We see more and more online shopping scams at this time of year, and they are becoming more difficult to spot – gone are the days of poorly constructed websites or emails.
- Do not use your business email address to register for these services; that way, if you get one of these emails at your business email address, you know it is a scam.
- Do not click on any links contained in the email. If you have ordered goods from an on‑line store, use the store website to track your order progress. Clicking on links within an email may download malicious software or take you to a fake website to steal your credentials or financial information.
- Check the sender address very carefully, and look for badly composed emails or spelling mistakes – however, these are becoming more difficult to spot as the attacks become more complex and organised.
- When you placed the order, you probably received a confirmation number. Make a note of it: suppliers generally include these details in any emails they send, so check for it.
- Do not reply to any emails that you receive. Replying builds up a sense of trust between yourself and the attacker, and you could just get in deeper.
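For readers who want to see the sender, link and confirmation-number checks from the tips above applied mechanically, here is an added example that is not part of the original blog or any ITCS tooling. The brand-to-domain table, the two sample messages and the order number are assumptions constructed for the illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brands you actually shop with and the domains you know they use.
KNOWN_BRANDS = {"amazon": {"amazon.co.uk", "amazon.com"}, "paypal": {"paypal.com"}}
# Constructed sample messages (addresses, hosts and order number are made up).
PHISH = """From: "Amazon Delivery" <tracking@amaz0n-parcels.example>
Subject: Your parcel is delayed

<p>Track it <a href="https://amazon.co.uk.track-parcel.example/login">here</a></p>
"""
GENUINE = """From: "Amazon.co.uk" <order-update@amazon.co.uk>
Subject: Your Amazon order 123-4567890-1234567

<p>Order 123-4567890-1234567 sent. <a href="https://www.amazon.co.uk/orders">View</a></p>
"""

def registered_under(host, domains):
    # True only for the domain itself or a subdomain, not a look-alike prefix.
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_message(raw, order_ref):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    links = LinkCollector()
    links.feed(body)
    hosts = [urlsplit(h).hostname or "" for h in links.hrefs]
    claimed = (display + " " + msg.get("Subject", "")).lower()
    findings = []
    for brand, domains in KNOWN_BRANDS.items():
        if brand in claimed:  # the email claims to come from this brand
            for host in [sender] + hosts:
                if not registered_under(host, domains):
                    findings.append(f"{host} does not belong to {brand}")
    if order_ref not in body:
        findings.append("order confirmation number is not quoted")
    return findings
```

An empty result does not prove an email is genuine, because the From line is set by whoever sent the message; it is the findings that are the useful warning sign.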
Email spam filtering services will generally not pick up on these types of attacks, as the source email does not contain malicious code and, unless it comes from a blacklisted domain, it will not score highly on the Bayesian database which is used to calculate the probability of spam. Users are therefore the best form of defence against these types of attacks.
ITCS are currently running new courses on managing IT security, including the new GDPR regulations due to come into force in 2018. If you would like to book a place, or if you have any questions or concerns around computer security, please don’t hesitate to contact the ITCS support desk on 08456 444 200.