Top phishing email scams to look out for
Published 22 February 2016
Here we run you through the most common phishing email scams so you know exactly which messages to avoid.
Get Safe Online, a campaign for online safety, is warning people of the dangers of ‘social engineering’ after figures showed a 21 per cent increase in incidents over the last 12 months. Social engineering is a form of fraud that sees scammers try to influence their victims into sharing their personal information.
This type of scam can come in a number of different forms, including phone calls, fake emails or texts. In this blog, we’re going to take you through the most popular themes for fake email phishing scams so you know what to stay away from online.
According to research from Get Safe Online, emails are the most popular channel for fraudsters to use to target their victims – being responsible for over three quarters of all reported incidents. The report highlighted some of the most popular angles for phishing were as follows:
BT account update
Whether you hold an account with BT or not, you should be suspicious of any emails that you receive that seem to be from the company and claiming that there’s an update available on your account. The email will usually feature a link that you’re encouraged to click on and log into your account from.
If you’re not sure if an email you’ve received is really from BT, never click on the links provided in messages, log into your account from a browser instead.
Apple customers were targeted by an iTunes invoice phishing scam designed to get them to click onto a link and claim a refund for a purchase that they didn’t make. Once their Apple ID and password were typed in, victims were prompted to send over their credit or debit card information.
HMRC tax refund scam
Fraudsters target victims by sending an email claiming that they’re due a tax rebate, to try and trick them into handing over their bank account or credit card details. You can read more about the vishing equivalent of this scam here.
Tesco vouchers, Apple ID and accident injury claim
You should be suspicious of any emails that you receive claiming that:
• You’ve qualified to enter a final draw to win Tesco vouchers
• Your Apple account has been limited and in order to fix this problem you’ll have to enter your Apple ID along with other personal information into the provided link.
• You have a valid injury claim for an accident that you had
All of these emails are likely to come with a link or document attached that will either take you to a counterfeit website or install malicious software onto your computer.
This one is exactly what it sounds like: an email is sent with a document attached which when downloaded will go on to install malicious malware onto a victim’s computer. This works in a similar way to the Royal Mail scam.
On a similar note, the false invoice scam sees fraudsters send out an email with a fake invoice attached. The unsuspecting recipient then opens this and as a result finds their computer infected with dangerous software. For more information on the invoice email scam, our blog could help.
Booked a flight recently? Even if you haven’t, you should be suspicious of any emails that you receive that come with a fake flight itinerary attached. If downloaded, this could infect your computer with malware.
Suspended credit card account or suspended Tesco Bank account
Fraudsters know that any correspondence to do with your credit or bank account can instantly grab your attention – that’s why they use this as the focus of many of their scams. As part of this, you’re sent a message claiming that something’s wrong with your account and prompted to sign into it through a provided link. The link directs you to a fake website that will compromise your details as soon as you enter them.
As a thinkmoney customer there are certain things that we will never ask you to do through email – find out what these are in our security guide.
Sky services upgrade
As a Sky customer, you should be suspicious of any unsolicited emails that you receive claiming there’s an upgrade available for your services. Again, you shouldn’t click on any links or documents attached and only log into your Sky account through a direct browser.
In a similar style to other scams, this sees customers receive a notification that their Barclays debit card has been blocked and restricted from making ATM withdrawals. In order for your debit card to be re-opened a link is provided for you to verify your account – this of course will only take you to a fake website.
Remember phishing not only relates to emails but calls and texts as well, so it’s a good idea to stay alert against scams no matter how you’re contacted.
For more information about how social engineering fraud works, check out our blog.