Friday, December 20, 2013

Dealing with Cyber Crime

Anyone who uses the internet and email cannot possibly be unaware of the ridiculous number of fraudulent emails being sent out by crooks who are trying to part us from our cash.
In the past year the number of attempts to defraud BT customers alone, by sending emails purporting falsely to come from BT, has increased by nearly a factor of three, with more than 7,500 unique BT phishing websites recorded, compared with 2,737 the previous year.

Consumers and businesses in the UK lost an estimated £27bn in 2012 through cybercrime. More than £600m of this was through so-called "phishing" attacks.

Phishing is the term used to describe a scam where criminals use forged emails or web pages in a bid to persuade people to disclose personal information, bank details, addresses, passwords and usernames, which can then be used to commit fraud or steal money.

Sometimes it is easy to tell if an email is fraudulent - for example, if there are spelling mistakes in an email which is supposed to have come from a multinational company, if the language or branding is not quite right, or if you're not actually a customer of the company which has emailed you as if you were. And although companies do sometimes make stupid mistakes with the details of their customers, if a company of which you have been a customer for years approaches you and gets your details wrong, you are fully entitled to assume it's not actually them, but a fraudster.

However, some of the fraudsters are very clever - they steal the actual logos and styles, use the names of real officials of the company they are pretending to be contacting you from - and sometimes give you real information.
This year when BT's ISP moved millions of email customers from one email platform to another, the fraudsters sent out millions of emails which purported to include information about this real change to make it look like a genuine communication to customers, which they integrated with the phishing "hook" designed to get people to log onto their fraudulent websites.
One test for a fraudulent email which often works is to look at the email address that a message comes from. Quite frequently an email will appear to come from a public company and will be set to display as something like "Barclays Customer Service" or "BT Broadband" but when you look at the details of the sender's address you will find it is actually from a private account like ","" or ""
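
The sender check described above, as an added Python example that is not part of the original post: it compares the brand named in the display name with the domain of the actual sending address. The brand-to-domain list and the sample headers are constructed assumptions for illustration.

```python
import re
from email import message_from_string, policy

# Assumption for this example: the domains each brand really sends from.
BRAND_DOMAINS = {
    "barclays": {"barclays.co.uk"},
    "bt": {"bt.com"},
}


def check_sender(raw_message):
    """Compare the brand claimed in the From display name with the real domain.

    Returns (display_name, address, verdict), where verdict is one of
    "match", "mismatch", "no-brand-claimed" or "no-sender".
    """
    # policy.default decodes RFC 2047 encoded display names for us.
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses:
        return "", "", "no-sender"
    sender = header.addresses[0]
    name, domain = sender.display_name, sender.domain.lower()
    # Match whole words only, so "bt" does not fire on a word like "subtle".
    words = set(re.findall(r"[a-z0-9]+", name.lower()))
    for brand, domains in BRAND_DOMAINS.items():
        if brand in words:
            # Accept the brand's domain or a subdomain of it, nothing else.
            genuine = any(domain == d or domain.endswith("." + d) for d in domains)
            return name, sender.addr_spec, "match" if genuine else "mismatch"
    return name, sender.addr_spec, "no-brand-claimed"


# Constructed sample messages (not taken from real mail).
SAMPLES = [
    "From: Barclays Customer Service <j.smith1970@freemail.example>\n\nbody",
    "From: =?UTF-8?B?QlQgQnJvYWRiYW5k?= <billing@bt.com.account-check.example>\n\nbody",
    "From: BT Broadband <billing@bt.com>\n\nbody",
    "From: A Friend <friend@freemail.example>\n\nbody",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_sender(raw))
```

A matching domain is not proof that a message is genuine, since the From address itself can be forged; a mismatch is simply a strong warning sign.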

The rules I always use to test the validity of an email, if there is nothing obviously wrong with it, involve asking myself:

1) Should the company which this message purports to come from need to ask me these questions?
2) Could what I'm being asked for be useful to a fraudster?

And if in doubt, always check!

No company who have sent you a genuine email should mind if you phone them to check if it really is authentic.

Most companies have an email address to which you can report suspected fraud, such as and if you notify them of a suspect email through one of these numbers, they will take action against the fraudsters.
