Online Fraud – Don’t Be Hoodwinked.
We’ve mentioned online fraud in previous articles – social media and phishing. But what is cyber fraud and how can you guard against it? This is the tenth theme in the Year of Cyber articles to help you use cyberspace safely at work and at home.
Simple points to remember:
1. Don’t disclose personal details unless you know the person you are talking to or have verified their credentials.
2. Check credit card and bank statements to ensure that correct payments have been taken and no fraud has taken place.
3. Don’t assume others will protect your identity.
What is Cyber Fraud?
According to the Action Fraud website, Fraud is when trickery is used to gain a dishonest advantage, which is often financial, over another person. Fraud can be committed against a person, business, or an organisation.
In Britain fraud costs people hundreds of millions of pounds every year and the costliest type of fraud usually occurs online, through online shopping, online banking, and ID theft.
The internet has many online products and services which most people use without issue, but there are criminals who take the advantage of the worldwide web’s anonymity to hoodwink you if the opportunity presents itself.
We covered social engineering (through social media) and phishing (emails) earlier this year, but other types of online fraud are:
• Baiting. Commonly online this is posting video links to humorous, extreme, or lewd content to tempt people to click on the link which leads to phishing, or malware downloads.
• Spear Phishing. Emails that appear to originate from legitimate organisations which contain a high degree of personal information or come from a ‘high jacked' account from your friends or colleagues.
• Vishing. Telephone calls claiming to be from a trusted organisation, sometimes automated to get you to type in responses on your keypad to capture identity or financial information.
• Smishing. A text message containing links to a false website to get you to input information.
• Impersonations. Fraudsters impersonate persons of authority to gather information or gain access to secure areas, or harvest information under the guise of campaigning or conducting a survey.
What is the risk?
Not only might you lose money against something you pay for but don’t receive, but you might also have unexpected payments taken, even amounting to emptying your account. Your information can also be used to commit identity theft, opening accounts in your name, and destroying your credit rating, or to commit further fraud through posting material which appears to come from you. Clearing up the mess can be very costly and time-consuming.
So, what can I do?
Fraudsters rely on people to be ignorant of technology and what it can do, so the best defence is to really get to know the capabilities of your mobile device, smart phone, or tablet. Set up the security settings correctly and change default passwords and settings.
Be suspicious of phone calls you weren’t expecting, especially from banks or people asking for your financial information – your banks website will tell you what information it will ask you for. It takes two people to terminate a phone call so ring back on a different line or call someone you know and trust first.
Be suspicious of any emails you weren’t expecting from banks, credit card companies or other official organisations - especially if they ask for personal information or bank details. Don’t reply to unsolicited emails from companies you don’t recognise.
Think about the ‘jigsaw’ effect and your online footprint - can a fraudster piece together information about you by searching across different social media and open-source channels to find an ‘in’? Fraudsters also set up false social media profiles to elicit information from their intended victims, be careful of friend requests, especially friends of friends (a common tactic to gain credibility).
Always research any new online retailer you want to shop with or organisation you want to deal with. Look for trusted recommendations, privacy policy, returns policy, company address and telephone contact details. Make sure the website has a padlock symbol in the browser window frame and starts with https:// - the ‘s’ stands for ‘secure’.
Always log out of sites into which you have logged in or registered details. Closing your browser is not enough to ensure privacy.
As with most types of fraud, if something doesn’t feel quite right, it probably isn’t.
If you feel you have been a victim of fraud then contact your bank, building society etc. as soon as possible so that changes can be put in place and transactions stopped.
Reporting
The advice in this article underscores the necessity of consulting cyber security experts, such as Cybercentry, for addressing any cyber security incidents in both personal and professional contexts. Reporting concerns promptly to the relevant authorities is crucial for a swift response and safeguarding against potential threats.
© Cybercentry Limited. All rights reserved.
Terms and Conditions Privacy Policy GDPR Statement Modern Slavery Statement Cybercentry Partner Programme