As hackers grow in sophistication, so do the phishing scams they use to entice innocent users. We’ve rounded up some of the most common and well-used versions:
The Public Speaker
This is a long-running scam that preys on the hopes of public speakers, inviting them to speak (and be paid a hefty fee) at a conference in the UK or somewhere else in the world. In the last year or so, the scam has taken a nasty turn, targeting ministers, pastors, and preachers to invite them to a bogus religious conference and again offering them a big paycheck.
Now, the scam has taken a new direction, aimed at women and parents, or at least speakers on these subjects. Please beware if you get a letter like this. The idea is to get your personal details under the pretext of sending you some money, or getting you to send some money to take care of administrative fees or governmental controls, with a promise of a big check to come.
But this is a scam. You will never get the promised big check. The conference is not real.
So the answer is simply to ignore the email. Don’t be tempted!
The Tax Rebate
Fraudsters are sending phishing emails that pose as HMRC in order to gain access to people’s bank accounts. These emails appear to have become increasingly common: a Which? survey found that of 2016 adults, 40% had received communication of this nature.
These emails can look very convincing, as they make use of genuine HMRC branding. Sometimes they are signed off with the name of an actual HMRC employee, making them seem even more realistic. The message will generally offer you a tax refund and ask for your bank details so that the money can be refunded.
The amount offered is usually up to £500, so as not to raise the recipient’s suspicions. The main aim of these emails is to extract money from your bank account, to get you to send money, or to gain enough personal information about you to sell your details to identity theft criminals. An example is below:
HMRC will never send notification of a tax reimbursement or ask for personal or payment information by email. So you can safely ignore these emails.
This is a sophisticated phishing scam that asks for permission to access files stored in Google Drive. The attack involves an email being received saying a Google Doc has been shared with you.
The message looks legitimate and appears to be from a contact you already know. But when the link is clicked, permissions are granted to a third party that has no relation to Google. The below image shows the phishing scam in action:
What to do if you get ‘phished’
“If you have disclosed confidential data (e.g. a username or password), go to the real site and change it immediately, to stop the criminals hijacking your online account.” You can also report emails to your email service provider.
If you see a phishing email at work, the best approach is to forward it to your IT department or report it via internal company systems. If it appears to come from a colleague but looks and feels ‘phishy,’ don’t reply to the email; call them or go to see them to confirm the validity of the email and its contents.
Never reply to the message, even if you fancy taunting the ‘phisherman’: you would only be confirming that your email address is valid and live.
If you do click on a phishing link, it’s also worth reporting the incident to Action Fraud.