Protecting yourself from fraud
Phishing is the term used to describe fraudsters who use emails, SMS and phone scams to trick people into giving over their personal details. It is one of the most commonly reported types of cyber crime.
As a rule, all phishing attempts involve a scammer pretending to be someone they’re not in order to gain sensitive information, like credit card and bank account numbers, PINs and passwords. Generally, they do this by impersonating a reputable company or trustworthy person.
Should they get their hands on a victim’s card details for instance, they can get to work – making purchases on the internet, over the phone or by mail order – without anyone realising until it’s too late.
Usually carried out over email, phishing attacks can come by phone (voice phishing, or vishing), text (SMS phishing, or smishing) and through social media and fake sites designed to look like web pages you regularly visit.
A basic phishing attack will aim to trick the target into doing what the scammer wants, whether that’s handing over passwords or altering bank details so that payments go to the fraudsters instead of the correct account.
Phishing is also a favoured method of cyber criminals to deliver malware (malicious software, like viruses and spyware) by encouraging victims to download a document or visit a link that will secretly install it on a computer.
While most phishing emails are sent at random to large numbers of people in the hope of boosting their hit rate, many others are highly targeted and personalised to a specific individual or organisation.
Phishing itself comes in many forms, so here are some to be aware of:
This is the most common type of phishing, where fraudsters send scam emails out in bulk with the aim of duping as many people as possible. Quite often, they’ll ask the target to act immediately to resolve an issue like a compromised bank account by clicking on an attached – and bogus - link.
This is when a scammer directly targets a specific organisation or person with tailored phishing emails. Unlike bulk phishing, these attackers often gather and use a victim’s personal information - their name, company or job title - to make scam emails seem more genuine and from a legitimate source.
Voice phishing – vishing for short – is when a scammer attempts to get a target’s personal details over the phone. Typically, visher scammers create fake ID caller profiles so the phone numbers they’re calling on seem legitimate and from a local area code or trusted organisation. Learn more about what vishing is and how it works.
Smishing is an attack that uses text messaging or short message service (SMS) to target phone users. Typically, a smishing message will include a urgent demand to hook a target, inviting them to click a link, call a number or contact an email address, ultimately, to get them to share personal data.
This is when scammers use social media sites such as Facebook, Twitter or Instagram to steal personal data. In such attacks, targets are often urged to click on links on fake pages, or respond to messages sent from scammers posing as friends and family.
This phishing technique uses online adverts or eye-catching pop-ups to encourage people to click on a link that appears genuine, but instead can install malware on their computer - or redirect them to a malicious website which is operated by the attacker.
While phishing presents a very real threat, the most important thing is to exercise common sense and a good deal of caution about any message you receive which looks faintly suspicious, urges you to do something ‘right now’ or has a link or attachment which seems even remotely dodgy.
Being familiar with the tell-tale signs of a phishing attack will help you to recognise and report any that you receive. Here are some things to look out for:
While phisher scammers may attempt to reel you in, by taking a few simple precautions, you can help safeguard your information and avoid being caught out.
Don’t click on links in random emails and instant messages. Instead, hover over any links you’re unsure of to check whether the URL is legitimate. Or, if still in doubt, go directly to the source yourself via your search engine.
As a rule, you should never share sensitive information over the internet. When unsure about a particular email or message, you can log in to your account and contact the company directly to check the validity of any communication.
Submitting personal information shouldn’t be an issue as long as you’re on a secure website. However, before you do, check the site’s URL begins with ‘https’. Also, check for the site’s security certificate.
Firewalls act as a buffer against phishing attacks. The are two different kinds – desktop firewalls and network firewall – and installing both can work effectively to reduce the odds of a scammer infiltrating your computer.
If you spot the signs of a phishing scam, you can report it to Action Fraud, the national fraud and crime reporting centre. They’ll review your report, and send it to the police if necessary.
If money’s been taken from your account or you’re worried a scammer might have enough of your details to do so, let your bank know straight away. They can then protect your account from further issues.
We believe you can’t be too safe. So here are just a few ways we keep your account secure:
Barclaycard’s fraud team are dedicated to stopping scammers in their tracks. So we’ve created a Fraud Fighter tool to help keep you prepared and protected.