New data released by Action Fraud and the National Fraud Intelligence Bureau which are both run by the City of London Police, shows that increasingly fraudsters are using phishing as a means to defraud people across the UK. Last year (January 2015 – December 2015), the fraud and cybercrime reporting centre received on average 8,000 reports per month, with 96,699 people reporting that they had received a phishing scam.
Phishing is the attempt to acquire sensitive information, for example usernames, passwords and credit card details or steal money by masquerading as a trustworthy entity in an electronic communication such as email, pop-up message, phone call or text message.
More than 68 percent of people who reported a phishing scam said that they received it in the form of an email, this compares to 12.5 percent of people who said they were contacted by phone, 8.9 percent of people who said that they received a text message and the rest saying they were contacted in another way.
Hooking victims in
Fraudsters use phishing as means to hook victims into their scams and they are well practiced in making these as convincing as possible. According to a recent report by Verizon , it takes cyber criminals just 82 seconds to ensnare the average victim in a phishing scam and in most cases 23 percent of people will open a phishing email.
In the month of December, the most common phishing scam purported to be either from a bank or from HMRC followed by online payment merchants and utility companies.
In one month, 31 percent of all phishing scams reported to Action Fraud contained a potentially malicious hyperlink, which upon clicking could install malware onto the victim’s computer or phone or trick them into providing sensitive information.
Top email addresses reported
Analysis of reports made to Action Fraud reveals that phishing emails used specific subject headings as a means to ensure that the reader would feel compelled to open them. The most common message title for phishing emails is ‘Attention’ followed by other titles such as ‘Your account has been revoked’, ‘Hello’ and ‘Important Notification’.
The top email addresses that people reported to have received emails from were; Do-Notemail@example.com, firstname.lastname@example.org and PQ8MPY@m.apple.com.
Deputy Head of Action Fraud, Steve Proffitt said: “The new figures show that phishing is a problem which is not going away; it is a means for fraudsters to test the water with potential victims and see how many people they can hook into a scam. For the fraudsters, it is a low risk way of casting out their net and seeing what they can catch. If their emails are convincing enough they can yield high returns and people can easily be persuaded into parting with money or to click on links which then infect their computer with malicious software.
“In order to avoid becoming a victim we urge people to be cautious when opening emails and ask them to follow our protection advice in order to make it as difficult as possible for fraudsters who are simply casting around for their next victim”.
Behaviours that put you at risk:
- Opening attachments, or clinking on links within emails that are unsolicited or unexpected.
- Responding to emails that ask for your personal or financial details.
- Logging in to a webpage that you have arrived at via a link in an email.
How to protect yourself:
- Don’t open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details. Remember, you can hover over a link to see where it will really take you.
- An email address can be spoofed, so even if the email appears to be from a person or a company you know of, but the message is unexpected or unusual then contact the sender directly via another method to confirm that they sent you the email.
- If you receive an email which asks you to login to an online account, for example due to suspicious activity on your account, instead of clicking on the link provided in the email, go directly to the website yourself.