According to the UK government’s 2017 Cyber Security Breaches Survey, 46% of all businesses surveyed reported a cyber breach or attack in the last year.
Not only that, but 24% of small businesses lacking cyber security governance procedures fell victim to a cyber-attack or breach. And with the majority of these small businesses choosing not to use cyber security due to the assumption that they’re too small to be at risk, this statistic shows that cybercrime can happen no matter how big or small a business is.
But how do these security breaches happen? And how can you prevent something similar happening to your data?
Malware – short for ‘malicious software’ – is often at the root of any cybercrime. Our guide covers this in more detail below. Malware is used in different ways. While in some cases it can simply be designed to cause disruption or chaos, most often it’s used by criminals who want to steal valuable data.
There are 3 main ways cyber criminals attempt to steal confidential data: by phishing, vishing, and smishing. We turned to NatWest’s Sharniya Ferdinand for help explaining these 3 crimes, and for some expert advice on what you should look out for and what you can do about them.
Phishing is where cyber criminals trick people via email into providing them with confidential information. They do this by pretending to be a business that the recipient would be likely to trust. For example, they may send an email pretending to be your bank and asking for your passwords, or pretending to be an ecommerce store asking you to update your payment details.
Phishing emails may also contain attachments that, when clicked on, add something to the user’s computer that then copies their confidential data. This is known as ‘malware phishing’. As a rule, don’t click on any links or open any attachments that are sent via email unless you are 100% certain that the sender is genuine.
Another form of phishing is known as ‘pharming’, which is where the user is redirected to a fraudulent website, where they unsuspectingly give their details to a scammer masquerading as a company they know and trust.
What to look out for
Check if the email address is exactly the same as the one that has contacted you before. Take a look at the email itself – are there any very specific personal details? For example, genuine emails are likely to include details such as your account/customer reference number. They are also less likely to greet you by your full name.
Also, is the tone particularly over the top? For example, uppercase letters throughout, multiple exclamation marks, words like ‘urgent’? And take a look at their logo – does it look different to the one you’re familiar with, or is it a low-quality, blurry image? Poor spelling and odd sentence structure should also arouse your suspicion. These details are often a giveaway sign of the email not being from a genuine company.
If you see a button or hyperlink asking you to verify your details or update your account, or an attachment, be wary – these links may be malware.
Vishing is similar to phishing – but rather than fraudulently using email to gain confidential information, the telephone is used instead.
Here, criminals phone people under the guise of a company that’s trusted (e.g. their bank or utility company) and ask them to provide their confidential details – even details like PIN numbers, which even banks aren’t actually allowed to ask for.
What to look out for
Is the number you’re being called from listed on the company’s website? If not, it could be that the caller isn’t genuine. If you’re asked to provide confidential information over the phone by someone who has called you, simply end the call without giving any information. Call the number listed on the company’s website to report the call and confirm that it was not genuine. If you were right to be suspicious, the company can then take steps to help prevent these criminals from carrying on this activity.
Smishing is like phishing and vishing – but rather than using emails or phone calls, text messages are used instead.
This typically happens in one of two ways: either the text message asks you to phone a number and then you’re asked to give details over the phone, or the text message asks you to visit a website that’s designed to put a virus on to the phone or computer you visit the website from.
What to look out for
Similar to phishing, pay attention to the tone of the text message. It’s very unlikely that a genuine company would use unnecessary uppercase letters or numerous exclamation marks to mark something as urgent.
In addition, double-check whether you have ever given your mobile number to the company that the message is claiming to be from.
It’s a good idea to delete the text from your phone and to contact the company by the phone number on their website to report what has happened.