Phishing scams: Don’t get hooked!

In the last year alone phishing scams in the UK have grown by a scary 21 per cent and retailers and their customers have become prime targets for attack. With emails being the most ubiquitous form of communication between the retailer and consumer, criminals are increasingly using social engineering tactics to dupe unsuspecting victims into handing over their personal information by posing as trusted providers.

As a consequence, consumers are missing a trick when identifying fraudulent emails and the corporate reputation of brands the attackers are posing as take a hit to too.

Defending against attack

So what if the worst happens? Counteracting the tricks these scammers deploy means being diligent and thinking before clicking on any links or providing any personal information. The following tips should help you determine the steps needed to uncover fraudulent attempts and stay safe online:

1. Ignore any emails in which you are asked to disclose confidential information - even if you recognise the name of the sender.

2. Check the URL of the site being used before entering any sensitive data and never click on a link unless you are sure it has come from a legitimate site - if in doubt hover over the link to check the URL.

3. Check if the encrypted website has a valid certificate. You can ensure this by clicking on the symbol in front of the Internet address. A padlock or the logo of the respective site is commonly used as a symbol to mark a secure page.

4. Contact your bank immediately if you have visited a dubious website and entered your details on it by mistake and in the case of unauthorsied payments being made from an account.

Password pandemonium

Passwords are also a prime opportunity for hackers to prey on unsusupecting users. With a weak password, hackers can infiltrate accounts and select the“forgotten password” feature to request a new password, access details and even order goods. Avoiding this means being armed with a secure password. Secure passwords are ideally constructed from a particularly memorable sentence or phrase containing details that only the user knows. An example would be “Lars has 2 black dogs and 3 white cats”, when this sentence is reduced to its initials, the result is “Lh2bda3wc”. To make it even more secure, you can even add special characters, such as replacing “and” with “&”.

Following a set of golden rules also applies:

1. Never write your passwords down – especially not on Post-it notes stuck to a computer screen.

2. Never send passwords by email or if requested to do so by email - reputable banks and retailiers will never ask for personal information over email.

3. Change your passwords regularly - ideally every 30 days. You also need a different password for every single account, from online shopping to social networks. If a hacker gets hold of your password for one account it will be a walk in the park for them to access other online accounts.

Email is a crucial part of day to day life and with a threat landscape dominated by relentless cyber criminals, it’s imperative that we can spot the warning signs in order to keep track of data privacy and safety. When trawling through your inbox and creating new passwords online, keep these tips in mind to keep crafty criminals at bay.

Naveen Aricatt, legal expert, Trusted Shops

Image Credit: wk1003mike / Shutterstock