Gone Phishing: online fraud

During this particularly busy time for online retail, brands are also striving to maintain their reputations, revenue and customers by safeguarding against counterfeit goods and fake websites. Consumers need to be wary, too.

22 Oct 2014

by Roger Gallucci

The market research company Mintel predicts that nearly 13 per cent of all retail sales this Christmas will be online, with a quarter of British consumers admitting they will be present-hunting online more this year than last. Brands are also preparing their online Christmas social media campaigns as they know the online surge in buying reduces dramatically a week before December 25 with shoppers worrying about delivery and heading for the shopping centres. During this particularly busy time for online retail, brands are also striving to maintain their reputations, revenue and customers by safeguarding against counterfeit goods and fake websites. Consumers need to be wary, too.

Fraud is believed to cost the UK economy an estimated £36 billion a year, with 9 million adults per year affected by cyber crime. The attacks include stealing customers’ bank details, raiding online accounts, infecting computers and devices with viruses and stealing business information. More than 90% of the attacks begin with phishing emails targeting employees or individuals. These emails look convincing and are from a seemingly trusted source. File attachments include regularly used ones such as .pdf, .doc or .xls. Fraudsters are also starting to use Zip files as they are very hard to detect by anti-virus programmes. Once one of these files is opened, they can infect your computer immediately or deposit a .exe file on your computer. This file can lay dormant for weeks or months until the fraudster needs to use it to hack your computer. Once hacked, they can re-direct you to false websites, obtain your logins, passwords and personal details and send out emails from your account.

Phishing is a commonly known phrase, but have you heard of vishing or smishing? Vishing is when a fraudster calls up impersonating your bank or other organisation with the aim of obtaining information about you, your banking security codes, and so on. Smishing is similar to vishing but using texts instead. A lot of these attacks are launched by sending out millions of emails and seeing who opens them or tempting you into following a link to a malicious website. Other attacks are more targeted and will focus on relevant employees in an organisation. To ensure these attacks are effective, more information about you is required. This can be obtained by the old method of sifting through your bins at home and work. Other techniques include looking at Post-its notes stuck around your desk (a common way for people to remember important info) or go online and check your online persona via social media, company profile or any other information, which is freely available online.

The ease with which personal information can be obtained by a determined fraudster is quite scary. Check out Amazing Dave:

Other money-grabbing frauds include:

Credit and debit card: cloning cards, fake cash machines, and so on.

Invoice and supplier: details changed to a fraudulent bank account or changed post submission.

Employees: collusion between two parties in a company.

Cheques: changing details on a cheque issued, stealing cheques, forging signatures, and so on.

Handy tips to combat fraud The key to combat fraud is to be vigilant and to follow best practices (both in your business and personal life). Some simple tips from RBS include:

Emails: if in doubt, kick it out!

Passwords: longer is stronger

Phones salls: ask before giving information

Social media: care what you share.

And as Nick Ross used to say on the BBC’s Crimewatch: “Don’t have nightmares, do sleep well.”

‹ all articles

iln tweets

©2017 Illustrated London News Ltd, 46-48 East Smithfield, London E1W 1AW, U.K. Call +44 (0) 20 7426 1010