Festive Phishing scams – stay Safe online this Christmas

As the end of the year draws to a close, many of us are taking to the internet to finish our shopping, or in some cases start it, and prepare for the festivities ahead of us.

Unfortunately, as we eagerly fill our baskets and hit the ‘checkout’ button many of us are blissfully unaware that online fraud during this period has increased by 24% in the last three years, with victims losing nearly eleven and a half million pounds.

Last week, ITV’s Tonight programme tested how susceptible six members of the public were to fake emails and texts using techniques well known within our industry and referred to as ‘Phishing’ and ‘Smishing’. Alarmingly, four out of the six members of the public fell for the scam and gave away their login credentials for their online accounts.

Why is this figure alarming? It’s reported that phishing accounts for over 90% of data breaches and that 15% of people successfully phished will be targeted at least one more time within a 12 month period.

What does this tell us? Users are finding it increasingly difficult to identify phishing emails and what’s more is once they have fallen victim of an attack they will be targeted again. The attackers are smart, they wouldn’t target victims repeatedly unless they had seen this pay off in the past. So what can we do to protect of our business, family and friends?

5 Ways to Spot a Phishing Email

Listed below are 8 points to consider every time you open an email. In addition to this, Sapphire has produced a short video to highlight the top 5 ways in which to spot a phishing email.

8 Do’s and Don’ts of Email Security

Check the email ‘From’ field to validate the sender. This ‘From’ address may not be the actual sender.

Report all suspicious emails to your IT help desk. If you’re at home and receive an email from a well-known brand log into your online account via the website, not by clicking on a link.

Check for so-called ‘double-extended’ scam attachments. A text file named ‘safe.txt’ is
safe, but a file called ‘safe.txt.exe’ is not.

Note that www.microsoft.com and www.support.microsoft.software.com are two different domains. (and only the first is real!)

Open any email attachments that end with: .exe, .scr, .bat, .com, or other executable files you do not recognise.

“Unsubscribe” – it is easier to delete the e-mail than to deal with the security risks.

Ever click embedded links in messages without hovering your mouse over them first to check where the link is heading, if it’s not the same as the sender then it’s probably a scam.

Reply or respond to spam in anyway. Use the delete button.

For further information about Sapphire’s digital training and awareness programme, visit Sapphire’s website or email info@sapphire.net.