Your online security: Tips to protect against ‘phishing’
Unfortunately, there is no way to sugar-coat this topic: every minute, of every hour, of every day, there are cyber criminals all over the world trying to steal your money.
While the fraudsters’ methods may vary, there is one constant throughout – their relentlessness. They callously target many people at the same time, using the internet as their ‘weapon’ to pinpoint any security weakness, before ruthlessly exploiting it with speed and anonymity.
According to Archie Nelson from XCyber, a specialist cyber security firm which advises clients and companies around the world, the scale of online crime today confirms that the threat is real: “There was a high-profile case last year when Dubai Police arrested a suspected cyber criminal, who, at the time, had over two million followers on Instagram. Such was his wealth, they seized $40 million in cash, and 13 luxury cars worth $6.8m [1]. Make no mistake, this is highly organised criminality.”
The better news is that there are some fairly straightforward tactics which we can all employ to keep our assets safer. In this article, we look at a few of them in the context of a common type of digital fraud known as ‘phishing’.
Know thy enemy: What is phishing?
One of the best ways to defend yourself against any online fraud is knowing how to spot the type of activities that pose a risk to you.
‘Phishing’ is the name given to a common email-based fraud, in which a fraudster will attempt to trick you into divulging passwords or sensitive information, often in an attempt to steal money.
As Carrie Wade, Head of Fraud Governance at Barclays Private Bank explains, criminals use phishing tactics in a couple of different ways: “They will either send you an email containing a link to a fake website, requesting that you enter financial information, passwords or other sensitive information.”
“Alternatively, their seemingly innocuous emails may contain a harmful attachment in the form of a document, form or notification,” she continues. “The criminals want you to open these harmful attachments so that their ‘malware’ – which is software designed to gain unauthorised access to a computer – breaks through your digital defences.”
As we alluded to at the beginning of this article, the harsh reality of cyber crime should not be underestimated. It is horrible and aggressive, but we can collectively make it harder for the criminals to succeed.
How can I protect myself?
Put simply, it pays to be suspicious whenever you’re sent an email (or a text message, or a social media message). It’s worth scrutinising every message you’re sent, especially if there is a link, attachment and/or instruction to pay a bill.
The more you are willing to give something the benefit of the doubt, the more likely you are to allow an online fraudster to breach your defences.
Here are 7 simple things to bear in mind at all times:
1. While we at Barclays may ask you for some personal information, we will never:
- ask for your full password or PIN
- provide you with details to make a payment, or,
- request that you grant us access to your systems or PC
2. If you are invoiced for a service received – even if you are expecting the bill – always check that the payment details, including the account number and sort code, are correct. Criminals have been known to intercept genuine invoices and change the payment details so that the money goes to them instead. If you have any doubts, call your supplier on a previously verified number and ask for clarification.
3. Be alert to the style, tone and grammar of emails you receive, especially if the email doesn’t address you by name. For example, an email starting with “Dear Sir/Madam” may merit extra scrutiny. Also be aware of urgent demands – malicious emails tend to use scare tactics and threats to get a quick response.
4. Never enter any personal or security information on a site accessed through a link in an email.
5. Never click on links or open attachments from senders you are unsure of.
6. On sites that require you to input sensitive information, look for ‘https’ in the website address – the ‘s’ stands for ‘secure’, though be aware that this does not guarantee the website is genuine.
7. Do not assume a sender is genuine because they know information about you or your company, or because their email address looks familiar. Fraudsters are skilled in collecting personal information about their targets, and can spoof email addresses or compromise email accounts, making emails appear to be from a genuine contact, including someone from your own organisation.
Sadly, there is no escaping the threat of online fraud. It is constant and the criminals will go to extreme lengths to steal your assets if they sense a weakness in your IT security. By staying alert at all times and questioning anything that doesn’t seem right, you can help strengthen your defences.
As Carrie Wade concludes, foresight is better than hindsight: “You can never be too careful and as sad as it may sound, it pays to be proactively suspicious. Staying on the front foot is a valuable weapon in the fight against fraud.”
This communication is general in nature and provided for information/educational purposes only. It does not take into account any specific investment objectives, the financial situation or particular needs of any particular person. It is not intended for distribution, publication, or use in any jurisdiction where such distribution, publication, or use would be unlawful, nor is it aimed at any person or entity to whom it would be unlawful for them to access.
This communication has been prepared by Barclays Private Bank (Barclays) and references to Barclays include any entity within the Barclays group of companies.
The communication is:
- not research nor a product of the Barclays Research department. Any views expressed in these materials may differ from those of the Barclays Research department. All opinions and estimates are given as of the date of the materials and are subject to change. Barclays is not obliged to inform recipients of these materials of any change to such opinions or estimates;
- not an offer, an invitation or a recommendation to enter into any product or service and does not constitute a solicitation to buy or sell securities, investment advice or a personal recommendation;
- confidential and no part may be reproduced, distributed or transmitted without the prior written permission of Barclays; and
- not reviewed or approved by any regulatory authority.
Where information in this communication has been obtained from third party sources, we believe those sources to be reliable but we do not guarantee the information’s accuracy and you should note that it may be incomplete or condensed.
Neither Barclays nor any of its directors, officers, employees, representatives or agents, accepts any liability whatsoever for any direct, indirect or consequential losses (in contract, tort or otherwise) arising from the use of this communication or its contents or reliance on the information contained herein, except to the extent this would be prohibited by law or regulation.