The BBC recently uncovered that scammers are attempting to trick us by abusing multilingual character sets. Lookalike sites with domain names that are almost identical to the URLs we know and trust have made telling the difference between fake and genuine sites, and avoiding phishing scams, increasingly difficult.
Research by security company Wandera revealed that people are three times more likely to fall for a phishing scam if it is on their phone.
As a result, this new scam targets smartphone users, where the lookalike sites are harder to spot.
How likely are we to fall for a phishing scam?
A recent survey that tested the British public’s knowledge of scams and online security behaviours found 16% of British adults have experienced online fraud. For phishing scams specifically, it’s one in ten of us.
The most common age group to experience online fraud is 35 – 54, with almost one-fifth (19%) of this demographic having fallen victim to a scam.
CEO of Get Safe Online, Tony Neate, said:
“While online fraud is common, it becomes less so when you engage common sense.
“It is very easy to clone a real website and does not take a skilled developer long to produce a very professional-looking but malicious site, but if you know what to look for, it’s easy to stay safe.”
What to look out for
There are numerous ways to determine whether or not a received email is from a legitimate company trying to help, or a scammer looking to steal financial details.
The initial sender is a good starting point. Take the time to look at the email address you’re being contacted by, not just the name. An unfamiliar address, or one that doesn’t correspond with the company, is a giveaway that it’s a fraudster.
Then take a look at the greeting. If the email opens with ‘Dear loyal customer’ or ‘Hello (followed by your email address)’ then it’s another telltale sign. The real company would address you by your full name and make it personal to you.
Careless slip-ups in the copy of the email are also giveaways. Does any of the grammar or spelling not sit quite right? This is a big indicator that it’s a phishing scam. You wouldn’t expect poor language from someone at a legitimate company.
Avoiding phishing scams that look genuine
Subtle giveaways are in the layout and presentation. Scammers will do their best to make the email look official and genuine. However, incorrect presentation, old logos or even colouring that doesn’t match up with previous emails or the official company website can also be telling signs.
A commonly used ploy by fraudsters is to play on your emotions. Whether they are trying to provoke a positive or a negative reaction, they’ll be telling you to act fast. This could be an email telling you to claim your prize (for a competition you didn’t enter) or scare tactics used to make you believe your account is under threat.
Often this is in the form of harmful links, either containing malware or sending us to copycat websites so we divulge personal information.
To overcome this, ignore any links or attachments and make sure you read the URL in full. If you do accidentally click a link to a website, check for the padlock symbol and the ‘https’, which indicate that the connection to the website is secure. This is particularly important to remember when using a smartphone.
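An added example (not from the original article) of reading a link's hostname in full to catch the multilingual-character trick described at the top of this page. The sample URLs are constructed and the function names are hypothetical; it decodes "xn--" labels and reports labels that mix alphabets or contain no Latin letters at all.

```python
import unicodedata
from urllib.parse import urlsplit

def to_unicode(host):
    """Decode punycode ("xn--") labels so the real characters are visible."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # leave an undecodable label exactly as received
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Return the set of alphabets used by the letters in one label."""
    found = set()
    for ch in label:
        if ch.isalpha():
            # The first word of a character's Unicode name is its script,
            # e.g. "LATIN SMALL LETTER A" vs "CYRILLIC SMALL LETTER A".
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found

def check_url(url):
    """Return a list of findings for the hostname of `url` (empty = none)."""
    host = to_unicode(urlsplit(url).hostname or "")
    findings = []
    for label in host.split("."):
        used = scripts(label)
        if len(used) > 1:
            findings.append(f"label {label!r} mixes scripts: {sorted(used)}")
        elif used and used != {"LATIN"}:
            findings.append(f"label {label!r} is entirely {sorted(used)[0]}; "
                            "compare it with the address you expected")
    return findings

if __name__ == "__main__":
    # Constructed samples: the second swaps Latin "a" for Cyrillic U+0430.
    for sample in ("https://example.com/login",
                   "https://ex\u0430mple.com/login"):
        print(sample.encode("ascii", "backslashreplace").decode(),
              check_url(sample) or "no findings")
```

A label written entirely in another alphabet can be a legitimate site in that language, so that finding is a prompt to compare against the expected address rather than proof of a scam.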
What to do if you receive a phishing scam
When you first spot a phishing email in your inbox, your first instinct might be to just delete it and move on. However, before doing this, it’s imperative to report the email; firstly to the bank or company it’s mimicking and then to Action Fraud.
This is because doing so can help prevent others falling victim. If a company knows a scam email pretending to be them is circulating, they can alert other customers. It can also help close down the harmful links the fraudsters are sending around, and any further phishing scams from this account.
If you’ve responded to a scam email and given away any financial information, then immediately change your details, such as passwords or answers to security questions. Then get in touch with your bank.