Protecting Yourself from Cyber-Enabled Scams and Frauds
As of January 2023, the National Cyber Security Centre (NCSC) received over 17 million reported scams which resulted in 114,000 being removed across 209,500 URLs.
Additionally, according to official figures from November 2022, 41% of all crimes reported are frauds – and 80% of those frauds are cyber-enabled, which means it involves technology of some kind.
Cyber-fraud isn’t just emails (‘phishing’) but texts (‘smishing’), phone calls (‘vishing’), WhatsApp messages, social media scams and websites too. It is important that everyone remains extra vigilant and individual users are aware that spam emails and even phone calls are on the increase. MIAA have issued numerous alerts in this regard in the past year – most recently regarding a lost/broken phone scam.
Reporting Cyber Frauds
If you receive a phone call that you believe to be fraudulent, hang up. You can also report it this way.
If you are suspicious about an email you have received at work, tell your IT team and forward it to report@phishing.gov.uk. There is also specific guidance on how to report spam emails to NHS Digital, that can be found here.
Suspicious text messages at work or personally can be forwarded to the number 7726 (the National Cyber Security Centre), which is free of charge.
You can also report fake company websites to the NCSC, here.
Good advice on various measures you can take to protect your cybersecurity arrangements in both your professional and personal life can be found at the National Cyber Security Centre – NCSC.GOV.UK.
If you believe you are the victim of a fraud, personally, please report this to Action Fraud as soon as possible on 0300 123 2040 or visiting actionfraud.police.uk.
Any NHS frauds should be reported to your local Anti-Fraud Specialist – details can usually be found on your intranet, or via your organisation’s Anti-Fraud, Bribery & Corruption Policy.
Alternatively, you can report NHS frauds to the National Fraud & Corruption Reporting Centre on 0800 028 4060, or via their online reporting tool.
There are 3 main types of “social engineering”, phishing, vishing and smishing.
What is Phishing?
Phishing is the fraudulent practice of sending emails purporting to be from a trustworthy company or individual in order to persuade individuals to reveal personal information, such as passwords and credit card numbers. It can also be the use of fake company websites to collect such data.
What is Vishing?
Vishing is the fraudulent practice of making phone calls or leaving voice messages pretending to be from trustworthy companies in order to convince individuals to disclose personal information, such as bank details and credit card numbers.
What is Smishing?
Smishing is the fraudulent practice of sending text or similar messages claiming to be from reputable companies in order to encourage individuals to divulge personal information.
Protect your smartphone
Mobile security attacks are on the increase, so here’s 8 tips to keep your handset safe from harm.
According to a recent Mobile Eco-system Forum Report 66% of mobile users have experienced some kind at data-related attack.
1. Keep your smartphone locked when not in use.
An unlocked phone is an easy target, go to your phone settings choose security, listed there are a number of options to lock your phone.
2. Beware of Public Wi-Fi.
Don’t use public Wi-Fi for things like online banking or sensitive data; it’s great if you’re low on data but open networks aren’t secure, so your privacy is at risk. Switch to your mobile data if you’re buying anything, as it’s much more secure if you’re about to run out use a data add-on from your network provider.
3. Update your operating system.
Always have the latest version of your phone’s operating system installed. They are an important part of your regular security regime. Go to your phone’s Settings, type Update in the search bar and follow the online instructions. Set your phone to check for updates automatically.
4. Be careful what apps you download.
When you see an app you fancy; if it comes from a pop-up source or strange email address, then forget about it. Always check the reviews and ratings to see what others are saying about it.
5. Update passwords regularly.
Regularly change all your passwords, especially if you’re planning on travelling. Coming up with strong passwords is tough, so why not use a password manager? The ‘Sticky Password’ app (free on iOS and Android) is a good one. It uses the world’s leading encryption standard generating new strong, unique passwords, whenever you need them.
6. Disable Bluetooth connectivity.
If your Bluetooth is left on, nearby criminals can connect to your phone and hack into it, so keep your Bluetooth disabled as much as possible – set your Bluetooth to “non-discoverable” so anyone searching for a nearby device won’t be able to see it.
7. Clean up your apps.
Apps are prone to infection with hackers targeting older ones with out of date security measures. Get rid of any you don’t use regularly. Make sure your phone updates your remaining apps regularly as they will also update the security. iPhone use Settings,
iTunes & App store and tick ‘updates for automatic downloads’. For Android, open Google Play store, Settings, Auto-update apps.
8. Wipe clean your lost or stolen phone.
If your phone is lost or stolen, tell your provider straight away so they can protect your phone from misuse. Remote tracking is an option. “Find my device” on Android, and “Find my iPhone” on iOS. You can remotely wipe clean your lost phone of all your data. If you choose this option, make sure your data is backed up somewhere else.
Protect yourself from online scams
1. Many frauds start with a phishing email. Remember that banks and financial institutions will not send you an email asking you to click on a link and confirm your bank details. Do not trust such emails, even if they look genuine. You can always call your bank using the phone number on a genuine piece of correspondence, website (typed directly into the address bar) or Google it to check if you’re not sure.
2. Do not give any personal information including your name, address, bank details, email or phone number to anyone before verifying their credentials.
3. Destroy and preferably shred receipts with your card details on and post with your name / address on – fraudsters don’t need much information in order to be able to clone your identity.
4. Make sure your computer has up-to-date anti-virus software and a firewall installed. Ensure your browser is set to the highest level of security notification and monitoring to prevent malware issues and computer crimes. Your work computers will do all of this automatically, but your home computers less so.
5. Sign-up to Verified by Visa or Mastercard Secure Code whenever you are given the option while shopping online. This involves you registering a password with your card company and adds an additional layer of security to online transactions with signed up retailers.
6. Your identity may have been stolen. If you receive bills, invoices or receipts for things you haven’t bought, or financial institutions you don’t normally deal with contact you about outstanding debts, take action (see next point).
7. You should regularly get a copy of your credit file and check it for entries you don’t recognise. Callcredit, Equifax and Experian can all provide your credit file. An identity protection service such as ProtectMyID monitors your Experian Credit report and alerts you by email or SMS to potential fraud activity. If it’s fraud, a dedicated caseworker will help you resolve everything.
8. Be extremely wary of post, phone calls or emails offering you business deals out of the blue. If an offer seems to good to be true, it probably is. Always question it!
9. If you have been a victim of fraud, be aware of “fraud recovery fraud”. This is when fraudsters pretend to be a lawyer or a law enforcement officer and tell you they can help you recover the money you’ve already lost.
Other useful websites:
• To Stop fraud, Take Five.
• MIAA Fraud Hub.
For more information about our anti-fraud service, contact Darrell Davies.
